Methods and systems that provision distributed applications that invoke functions provided by a distributed-function-as-a-service feature

ABSTRACT

The current document is directed to an automated-application-installation subsystem that provisions, installs, and configures applications across cloud-computing providers, including applications that invoke functions provisioned and executed through a distributed-function-as-a-service feature of the automated-application-installation subsystem. The automated-application-installation subsystem employs application blueprints to identify components to provision. An application blueprint generally includes component specifications, constraints, and interdependencies. The automated-application-installation subsystem then determines a cost-effective provisioning of the identified components across available cloud-computing providers and installs the application according to the cost-effective provisioning.

TECHNICAL FIELD

The current document is directed to workflow-based cloud-management systems and, in particular, to a blueprint-based automated-application-installation subsystem that provisions, installs, and configures applications across cloud-computing providers, including applications that invoke functions provisioned and executed through a distributed-function-as-a-service feature.

BACKGROUND

Early computer systems were generally large, single-processor systems that sequentially executed jobs encoded on huge decks of Hollerith cards. Over time, the parallel evolution of computer hardware and software produced main-frame computers and minicomputers with multi-tasking operation systems, increasingly capable personal computers, workstations, and servers, and, in the current environment, multi-processor mobile computing devices, personal computers, and servers interconnected through global networking and communications systems with one another and with massive virtual data centers and virtualized cloud-computing facilities. This rapid evolution of computer systems has been accompanied with greatly expanded needs for computer-system management and administration. Currently, these needs have begun to be addressed by highly capable automated management and administration tools and facilities. As with many other types of computational systems and facilities, from operating systems to applications, many different types of automated administration and management facilities have emerged, providing many different products with overlapping functionalities, but each also providing unique functionalities and capabilities. Owners, managers, and users of large-scale computer systems continue to seek methods and technologies to provide efficient and cost-effective management, administration, and development of applications within cloud-computing facilities and other large-scale computer systems.

SUMMARY

The current document is directed to an automated-application-installation subsystem that provisions, installs, and configures applications across cloud-computing providers, including applications that invoke functions provisioned and executed through a distributed-function-as-a-service feature of the automated-application-installation subsystem. The automated-application-installation subsystem employs application blueprints to identify components to provision. An application blueprint generally includes component specifications, constraints, and interdependencies. The automated-application-installation subsystem then determines a cost-effective provisioning of the identified components across available cloud-computing providers and installs the application according to the cost-effective provisioning.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 provides a general architectural diagram for various types of computers.

FIG. 2 illustrates an Internet-connected distributed computer system.

FIG. 3 illustrates cloud computing.

FIG. 4 illustrates generalized hardware and software components of a general-purpose computer system, such as a general-purpose computer system having an architecture similar to that shown in FIG. 1.

FIGS. 5A-B illustrate two types of virtual machine and virtual-machine execution environments.

FIG. 6 illustrates an OVF package.

FIG. 7 illustrates virtual data centers provided as an abstraction of underlying physical-data-center hardware components.

FIG. 8 illustrates virtual-machine components of a VI-management-server and physical servers of a physical data center above which a virtual-data-center interface is provided by the VI-management-server.

FIG. 9 illustrates a cloud-director level of abstraction.

FIG. 10 illustrates virtual-cloud-connector nodes (“VCC nodes”) and a VCC server, components of a distributed system that provides multi-cloud aggregation and that includes a cloud-connector server and cloud-connector nodes that cooperate to provide services that are distributed across multiple clouds.

FIG. 11 shows a workflow-based cloud-management facility that has been developed to provide a powerful administrative and development interface to multiple multi-tenant cloud-computing facilities.

FIG. 12 provides an architectural diagram of the workflow-execution engine and development environment.

FIGS. 13A-C illustrate the structure of a workflow.

FIGS. 14A-B include a table of different types of elements that may be included in a workflow.

FIGS. 15A-B show an example workflow.

FIGS. 16A-C illustrate an example implementation and configuration of virtual appliances within a cloud-computing facility that implement the workflow-based management and administration facilities of the above-described WFMAD.

FIGS. 16D-F illustrate the logical organization of users and user roles with respect to the infrastructure-management-and-administration facility of the WFMAD.

FIG. 17 illustrates the logical components of the infrastructure-management-and-administration facility of the WFMAD.

FIGS. 18-20B provide a high-level illustration of the architecture and operation of the automated-application-release-management facility of the WFMAD.

FIGS. 21A-D illustrate a configuration file that is used in current implementations of the above-described automated application-release-management subsystem.

FIG. 22 provides an illustration of the automated application provisioning, installation, and configuration process.

FIG. 23 graphically illustrates an application blueprint.

FIGS. 24A-F illustrate processing of the application blueprint and the types of data extracted from the application blueprint by the automated application subsystem.

FIG. 25 illustrates operation of a provisioning engine of the automated application subsystem that carries out mapping of application-blueprint-specified computational resources to allocable computational resources in one or more computing facilities within the provisioning stage of application provisioning, installation, configuration, and launching.

FIG. 26 provides a control-flow diagram for the mapping component of a provisioning engine.

FIG. 27 provides a control-flow diagram for the storage processor.

FIGS. 28 illustrates a hypothetical, generalized distributed application.

FIGS. 29A-C illustrates an implementation of the hypothetical, generalized distributed application FIG. 28.

FIG. 30 illustrates the FaaS approach to distributed-application development.

FIG. 31 illustrates a distributed application that has been implemented using a FaaS approach.

FIG. 32 shows a YAML-Ain't-Markup-Language (“YAML”) encoding of a blueprint, or portion of the blueprint, that includes a definition of a function to be instantiated through a distributed FaaS subsystem for execution by one or more FaaS services provided by one or more cloud-computing providers.

FIG. 33 illustrates modification of the provisioning engine, previously discussed with reference to FIG. 25.

FIG. 34 illustrates the currently disclosed distributed FaaS service.

FIGS. 35A-K provide control-flow diagrams that illustrate the operational behavior of the various components of the distributed FaaS service discussed above with reference to FIG. 34.

DETAILED DESCRIPTION

The current document is directed to an automated-application-installation subsystem that is extended to provide a distributed function-as-a-service capability to a workflow-based cloud-management facility. In a first subsection, below, a detailed description of computer hardware, complex computational systems, and virtualization is provided with reference to FIGS. 1-10. In a second subsection, the workflow-based cloud-management facility that includes an automated-application-release-management subsystem is discussed with reference to FIGS. 11-21D. A third subsection discusses, with reference to FIGS. 22-27, an automated-application-installation-subsystem extension to the workflow-based cloud-management facility that provisions, installs, and configures applications across cloud-computing providers. A fourth subsection discusses the currently disclosed distributed function-as-a-service capability.

Computer Hardware, Complex Computational Systems, and Virtualization

The term “abstraction” is not, in any way, intended to mean or suggest an abstract idea or concept. Computational abstractions are tangible, physical interfaces that are implemented, ultimately, using physical computer hardware, data-storage devices, and communications systems. Instead, the term “abstraction” refers, in the current discussion, to a logical level of functionality encapsulated within one or more concrete, tangible, physically-implemented computer systems with defined interfaces through which electronically encoded data is exchanged, process execution launched, and electronic services are provided. Interfaces may include graphical and textual data displayed on physical display devices as well as computer programs and routines that control physical computer processors to carry out various tasks and operations and that are invoked through electronically implemented application programming interfaces (“APIs”) and other electronically implemented interfaces. There is a tendency among those unfamiliar with modern technology and science to misinterpret the terms “abstract” and “abstraction,” when used to describe certain aspects of modern computing. For example, one frequently encounters assertions that, because a computational system is described in terms of abstractions, functional layers, and interfaces, the computational system is somehow different from a physical machine or device. Such allegations are unfounded. One only needs to disconnect a computer system or group of computer systems from their respective power supplies to appreciate the physical, machine nature of complex computer technologies. One also frequently encounters statements that characterize a computational technology as being “only software,” and thus not a machine or device. Software is essentially a sequence of encoded symbols, such as a printout of a computer program or digitally encoded computer instructions sequentially stored in a file on an optical disk or within an electromechanical mass-storage device. Software alone can do nothing. It is only when encoded computer instructions are loaded into an electronic memory within a computer system and executed on a physical processor that so-called “software-implemented” functionality is provided. The digitally encoded computer instructions are an essential and physical control component of processor-controlled machines and devices, no less essential and physical than a cam-shaft control system in an internal-combustion engine. Multi-cloud aggregations, cloud-computing services, virtual-machine containers and virtual machines, communications interfaces, and many of the other topics discussed below are tangible, physical components of physical, electro-optical-mechanical computer systems.

FIG. 1 provides a general architectural diagram for various types of computers. The computer system contains one or multiple central processing units (“CPUs”) 102-105, one or more electronic memories 108 interconnected with the CPUs by a CPU/memory-subsystem bus 110 or multiple busses, a first bridge 112 that interconnects the CPU/memory-subsystem bus 110 with additional busses 114 and 116, or other types of high-speed interconnection media, including multiple, high-speed serial interconnects. These busses or serial interconnections, in turn, connect the CPUs and memory with specialized processors, such as a graphics processor 118, and with one or more additional bridges 120, which are interconnected with high-speed serial links or with multiple controllers 122-127, such as controller 127, that provide access to various different types of mass-storage devices 128, electronic displays, input devices, and other such components, subcomponents, and computational resources. It should be noted that computer-readable data-storage devices include optical and electromagnetic disks, electronic memories, and other physical data-storage devices. Those familiar with modern science and technology appreciate that electromagnetic radiation and propagating signals do not store data for subsequent retrieval, and can transiently “store” only a byte or less of information per mile, far less information than needed to encode even the simplest of routines.

Of course, there are many different types of computer-system architectures that differ from one another in the number of different memories, including different types of hierarchical cache memories, the number of processors and the connectivity of the processors with other system components, the number of internal communications busses and serial links, and in many other ways. However, computer systems generally execute stored programs by fetching instructions from memory and executing the instructions in one or more processors. Computer systems include general-purpose computer systems, such as personal computers (“PCs”), various types of servers and workstations, and higher-end mainframe computers, but may also include a plethora of various types of special-purpose computing devices, including data-storage systems, communications routers, network nodes, tablet computers, and mobile telephones.

FIG. 2 illustrates an Internet-connected distributed computer system. As communications and networking technologies have evolved in capability and accessibility, and as the computational bandwidths, data-storage capacities, and other capabilities and capacities of various types of computer systems have steadily and rapidly increased, much of modern computing now generally involves large distributed systems and computers interconnected by local networks, wide-area networks, wireless communications, and the Internet. FIG. 2 shows a typical distributed system in which a large number of PCs 202-205, a high-end distributed mainframe system 210 with a large data-storage system 212, and a large computer center 214 with large numbers of rack-mounted servers or blade servers all interconnected through various communications and networking systems that together comprise the Internet 216. Such distributed computing systems provide diverse arrays of functionalities. For example, a PC user sitting in a home office may access hundreds of millions of different web sites provided by hundreds of thousands of different web servers throughout the world and may access high-computational-bandwidth computing services from remote computer facilities for running complex computational tasks.

Until recently, computational services were generally provided by computer systems and data centers purchased, configured, managed, and maintained by service-provider organizations. For example, an e-commerce retailer generally purchased, configured, managed, and maintained a data center including numerous web servers, back-end computer systems, and data-storage systems for serving web pages to remote customers, receiving orders through the web-page interface, processing the orders, tracking completed orders, and other myriad different tasks associated with an e-commerce enterprise.

FIG. 3 illustrates cloud computing. In the recently developed cloud-computing paradigm, computing cycles and data-storage facilities are provided to organizations and individuals by cloud-computing providers. In addition, larger organizations may elect to establish private cloud-computing facilities in addition to, or instead of, subscribing to computing services provided by public cloud-computing service providers. In FIG. 3, a system administrator for an organization, using a PC 302, accesses the organization's private cloud 304 through a local network 306 and private-cloud interface 308 and also accesses, through the Internet 310, a public cloud 312 through a public-cloud services interface 314. The administrator can, in either the case of the private cloud 304 or public cloud 312, configure virtual computer systems and even entire virtual data centers and launch execution of application programs on the virtual computer systems and virtual data centers in order to carry out any of many different types of computational tasks. As one example, a small organization may configure and run a virtual data center within a public cloud that executes web servers to provide an e-commerce interface through the public cloud to remote customers of the organization, such as a user viewing the organization's e-commerce web pages on a remote user system 316.

Cloud-computing facilities are intended to provide computational bandwidth and data-storage services much as utility companies provide electrical power and water to consumers. Cloud computing provides enormous advantages to small organizations without the resources to purchase, manage, and maintain in-house data centers. Such organizations can dynamically add and delete virtual computer systems from their virtual data centers within public clouds in order to track computational-bandwidth and data-storage needs, rather than purchasing sufficient computer systems within a physical data center to handle peak computational-bandwidth and data-storage demands. Moreover, small organizations can completely avoid the overhead of maintaining and managing physical computer systems, including hiring and periodically retraining information-technology specialists and continuously paying for operating-system and database-management-system upgrades. Furthermore, cloud-computing interfaces allow for easy and straightforward configuration of virtual computing facilities, flexibility in the types of applications and operating systems that can be configured, and other functionalities that are useful even for owners and administrators of private cloud-computing facilities used by a single organization.

FIG. 4 illustrates generalized hardware and software components of a general-purpose computer system, such as a general-purpose computer system having an architecture similar to that shown in FIG. 1. The computer system 400 is often considered to include three fundamental layers: (1) a hardware layer or level 402; (2) an operating-system layer or level 404; and (3) an application-program layer or level 406. The hardware layer 402 includes one or more processors 408, system memory 410, various different types of input-output (“I/O”) devices 410 and 412, and mass-storage devices 414. Of course, the hardware level also includes many other components, including power supplies, internal communications links and busses, specialized integrated circuits, many different types of processor-controlled or microprocessor-controlled peripheral devices and controllers, and many other components. The operating system 404 interfaces to the hardware level 402 through a low-level operating system and hardware interface 416 generally comprising a set of non-privileged computer instructions 418, a set of privileged computer instructions 420, a set of non-privileged registers and memory addresses 422, and a set of privileged registers and memory addresses 424. In general, the operating system exposes non-privileged instructions, non-privileged registers, and non-privileged memory addresses 426 and a system-call interface 428 as an operating-system interface 430 to application programs 432-436 that execute within an execution environment provided to the application programs by the operating system. The operating system, alone, accesses the privileged instructions, privileged registers, and privileged memory addresses. By reserving access to privileged instructions, privileged registers, and privileged memory addresses, the operating system can ensure that application programs and other higher-level computational entities cannot interfere with one another's execution and cannot change the overall state of the computer system in ways that could deleteriously impact system operation. The operating system includes many internal components and modules, including a scheduler 442, memory management 444, a file system 446, device drivers 448, and many other components and modules. To a certain degree, modern operating systems provide numerous levels of abstraction above the hardware level, including virtual memory, which provides to each application program and other computational entities a separate, large, linear memory-address space that is mapped by the operating system to various electronic memories and mass-storage devices. The scheduler orchestrates interleaved execution of various different application programs and higher-level computational entities, providing to each application program a virtual, stand-alone system devoted entirely to the application program. From the application program's standpoint, the application program executes continuously without concern for the need to share processor resources and other system resources with other application programs and higher-level computational entities. The device drivers abstract details of hardware-component operation, allowing application programs to employ the system-call interface for transmitting and receiving data to and from communications networks, mass-storage devices, and other I/O devices and subsystems. The file system 436 facilitates abstraction of mass-storage-device and memory resources as a high-level, easy-to-access, file-system interface. Thus, the development and evolution of the operating system has resulted in the generation of a type of multi-faceted virtual execution environment for application programs and other higher-level computational entities.

While the execution environments provided by operating systems have proved to be an enormously successful level of abstraction within computer systems, the operating-system-provided level of abstraction is nonetheless associated with difficulties and challenges for developers and users of application programs and other higher-level computational entities. One difficulty arises from the fact that there are many different operating systems that run within various different types of computer hardware. In many cases, popular application programs and computational systems are developed to run on only a subset of the available operating systems, and can therefore be executed within only a subset of the various different types of computer systems on which the operating systems are designed to run. Often, even when an application program or other computational system is ported to additional operating systems, the application program or other computational system can nonetheless run more efficiently on the operating systems for which the application program or other computational system was originally targeted. Another difficulty arises from the increasingly distributed nature of computer systems. Although distributed operating systems are the subject of considerable research and development efforts, many of the popular operating systems are designed primarily for execution on a single computer system. In many cases, it is difficult to move application programs, in real time, between the different computer systems of a distributed computer system for high-availability, fault-tolerance, and load-balancing purposes. The problems are even greater in heterogeneous distributed computer systems which include different types of hardware and devices running different types of operating systems. Operating systems continue to evolve, as a result of which certain older application programs and other computational entities may be incompatible with more recent versions of operating systems for which they are targeted, creating compatibility issues that are particularly difficult to manage in large distributed systems.

For all of these reasons, a higher level of abstraction, referred to as the “virtual machine,” has been developed and evolved to further abstract computer hardware in order to address many difficulties and challenges associated with traditional computing systems, including the compatibility issues discussed above. FIGS. 5A-B illustrate two types of virtual machine and virtual-machine execution environments. FIGS. 5A-B use the same illustration conventions as used in FIG. 4. FIG. 5A shows a first type of virtualization. The computer system 500 in FIG. 5A includes the same hardware layer 502 as the hardware layer 402 shown in FIG. 4. However, rather than providing an operating system layer directly above the hardware layer, as in FIG. 4, the virtualized computing environment illustrated in FIG. 5A features a virtualization layer 504 that interfaces through a virtualization-layer/hardware-layer interface 506, equivalent to interface 416 in FIG. 4, to the hardware. The virtualization layer provides a hardware-like interface 508 to a number of virtual machines, such as virtual machine 510, executing above the virtualization layer in a virtual-machine layer 512. Each virtual machine includes one or more application programs or other higher-level computational entities packaged together with an operating system, referred to as a “guest operating system,” such as application 514 and guest operating system 516 packaged together within virtual machine 510. Each virtual machine is thus equivalent to the operating-system layer 404 and application-program layer 406 in the general-purpose computer system shown in FIG. 4. Each guest operating system within a virtual machine interfaces to the virtualization-layer interface 508 rather than to the actual hardware interface 506. The virtualization layer partitions hardware resources into abstract virtual-hardware layers to which each guest operating system within a virtual machine interfaces. The guest operating systems within the virtual machines, in general, are unaware of the virtualization layer and operate as if they were directly accessing a true hardware interface. The virtualization layer ensures that each of the virtual machines currently executing within the virtual environment receive a fair allocation of underlying hardware resources and that all virtual machines receive sufficient resources to progress in execution. The virtualization-layer interface 508 may differ for different guest operating systems. For example, the virtualization layer is generally able to provide virtual hardware interfaces for a variety of different types of computer hardware. This allows, as one example, a virtual machine that includes a guest operating system designed for a particular computer architecture to run on hardware of a different architecture. The number of virtual machines need not be equal to the number of physical processors or even a multiple of the number of processors.

The virtualization layer includes a virtual-machine-monitor module 518 (“VMM”) that virtualizes physical processors in the hardware layer to create virtual processors on which each of the virtual machines executes. For execution efficiency, the virtualization layer attempts to allow virtual machines to directly execute non-privileged instructions and to directly access non-privileged registers and memory. However, when the guest operating system within a virtual machine accesses virtual privileged instructions, virtual privileged registers, and virtual privileged memory through the virtualization-layer interface 508, the accesses result in execution of virtualization-layer code to simulate or emulate the privileged resources. The virtualization layer additionally includes a kernel module 520 that manages memory, communications, and data-storage machine resources on behalf of executing virtual machines (“VM kernel”). The VM kernel, for example, maintains shadow page tables on each virtual machine so that hardware-level virtual-memory facilities can be used to process memory accesses. The VM kernel additionally includes routines that implement virtual communications and data-storage devices as well as device drivers that directly control the operation of underlying hardware communications and data-storage devices. Similarly, the VM kernel virtualizes various other types of I/O devices, including keyboards, optical-disk drives, and other such devices. The virtualization layer essentially schedules execution of virtual machines much like an operating system schedules execution of application programs, so that the virtual machines each execute within a complete and fully functional virtual hardware layer.

FIG. 5B illustrates a second type of virtualization. In FIG. 5B, the computer system 540 includes the same hardware layer 542 and software layer 544 as the hardware layer 402 shown in FIG. 4. Several application programs 546 and 548 are shown running in the execution environment provided by the operating system. In addition, a virtualization layer 550 is also provided, in computer 540, but, unlike the virtualization layer 504 discussed with reference to FIG. 5A, virtualization layer 550 is layered above the operating system 544, referred to as the “host OS,” and uses the operating system interface to access operating-system-provided functionality as well as the hardware. The virtualization layer 550 comprises primarily a VMM and a hardware-like interface 552, similar to hardware-like interface 508 in FIG. 5A. The virtualization-layer/hardware-layer interface 552, equivalent to interface 416 in FIG. 4, provides an execution environment for a number of virtual machines 556-558, each including one or more application programs or other higher-level computational entities packaged together with a guest operating system.

In FIGS. 5A-B, the layers are somewhat simplified for clarity of illustration. For example, portions of the virtualization layer 550 may reside within the host-operating-system kernel, such as a specialized driver incorporated into the host operating system to facilitate hardware access by the virtualization layer.

It should be noted that virtual hardware layers, virtualization layers, and guest operating systems are all physical entities that are implemented by computer instructions stored in physical data-storage devices, including electronic memories, mass-storage devices, optical disks, magnetic disks, and other such devices. The term “virtual” does not, in any way, imply that virtual hardware layers, virtualization layers, and guest operating systems are abstract or intangible. Virtual hardware layers, virtualization layers, and guest operating systems execute on physical processors of physical computer systems and control operation of the physical computer systems, including operations that alter the physical states of physical devices, including electronic memories and mass-storage devices. They are as physical and tangible as any other component of a computer since, such as power supplies, controllers, processors, busses, and data-storage devices.

A virtual machine or virtual application, described below, is encapsulated within a data package for transmission, distribution, and loading into a virtual-execution environment. One public standard for virtual-machine encapsulation is referred to as the “open virtualization format” (“OVF”). The OVF standard specifies a format for digitally encoding a virtual machine within one or more data files. FIG. 6 illustrates an OVF package. An OVF package 602 includes an OVF descriptor 604, an OVF manifest 606, an OVF certificate 608, one or more disk-image files 610-611, and one or more resource files 612-614. The OVF package can be encoded and stored as a single file or as a set of files. The OVF descriptor 604 is an XML document 620 that includes a hierarchical set of elements, each demarcated by a beginning tag and an ending tag. The outermost, or highest-level, element is the envelope element, demarcated by tags 622 and 623. The next-level element includes a reference element 626 that includes references to all files that are part of the OVF package, a disk section 628 that contains meta information about all of the virtual disks included in the OVF package, a networks section 630 that includes meta information about all of the logical networks included in the OVF package, and a collection of virtual-machine configurations 632 which further includes hardware descriptions of each virtual machine 634. There are many additional hierarchical levels and elements within a typical OVF descriptor. The OVF descriptor is thus a self-describing XML file that describes the contents of an OVF package. The OVF manifest 606 is a list of cryptographic-hash-function-generated digests 636 of the entire OVF package and of the various components of the OVF package. The OVF certificate 608 is an authentication certificate 640 that includes a digest of the manifest and that is cryptographically signed. Disk image files, such as disk image file 610, are digital encodings of the contents of virtual disks and resource files 612 are digitally encoded content, such as operating-system images. A virtual machine or a collection of virtual machines encapsulated together within a virtual application can thus be digitally encoded as one or more files within an OVF package that can be transmitted, distributed, and loaded using well-known tools for transmitting, distributing, and loading files. A virtual appliance is a software service that is delivered as a complete software stack installed within one or more virtual machines that is encoded within an OVF package.

The advent of virtual machines and virtual environments has alleviated many of the difficulties and challenges associated with traditional general-purpose computing. Machine and operating-system dependencies can be significantly reduced or entirely eliminated by packaging applications and operating systems together as virtual machines and virtual appliances that execute within virtual environments provided by virtualization layers miming on many different types of computer hardware. A next level of abstraction, referred to as virtual data centers which are one example of a broader virtual-infrastructure category, provide a data-center interface to virtual data centers computationally constructed within physical data centers. FIG. 7 illustrates virtual data centers provided as an abstraction of underlying physical-data-center hardware components. In FIG. 7, a physical data center 702 is shown below a virtual-interface plane 704. The physical data center consists of a virtual-infrastructure management server (“VI-management-server”) 706 and any of various different computers, such as PCs 708, on which a virtual-data-center management interface may be displayed to system administrators and other users. The physical data center additionally includes generally large numbers of server computers, such as server computer 710, that are coupled together by local area networks, such as local area network 712 that directly interconnects server computer 710 and 714-720 and a mass-storage array 722. The physical data center shown in FIG. 7 includes three local area networks 712, 724, and 726 that each directly interconnects a bank of eight servers and a mass-storage array. The individual server computers, such as server computer 710, each includes a virtualization layer and runs multiple virtual machines. Different physical data centers may include many different types of computers, networks, data-storage systems and devices connected according to many different types of connection topologies. The virtual-data-center abstraction layer 704, a logical abstraction layer shown by a plane in FIG. 7, abstracts the physical data center to a virtual data center comprising one or more resource pools, such as resource pools 730-732, one or more virtual data stores, such as virtual data stores 734-736, and one or more virtual networks. In certain implementations, the resource pools abstract banks of physical servers directly interconnected by a local area network.

The virtual-data-center management interface allows provisioning and launching of virtual machines with respect to resource pools, virtual data stores, and virtual networks, so that virtual-data-center administrators need not be concerned with the identities of physical-data-center components used to execute particular virtual machines. Furthermore, the VI-management-server includes functionality to migrate running virtual machines from one physical server to another in order to optimally or near optimally manage resource allocation, provide fault tolerance, and high availability by migrating virtual machines to most effectively utilize underlying physical hardware resources, to replace virtual machines disabled by physical hardware problems and failures, and to ensure that multiple virtual machines supporting a high-availability virtual appliance are executing on multiple physical computer systems so that the services provided by the virtual appliance are continuously accessible, even when one of the multiple virtual appliances becomes compute bound, data-access bound, suspends execution, or fails. Thus, the virtual data center layer of abstraction provides a virtual-data-center abstraction of physical data centers to simplify provisioning, launching, and maintenance of virtual machines and virtual appliances as well as to provide high-level, distributed functionalities that involve pooling the resources of individual physical servers and migrating virtual machines among physical servers to achieve load balancing, fault tolerance, and high availability.

FIG. 8 illustrates virtual-machine components of a VI-management-server and physical servers of a physical data center above which a virtual-data-center interface is provided by the VI-management-server. The VI-management-server 802 and a virtual-data-center database 804 comprise the physical components of the management component of the virtual data center. The VI-management-server 802 includes a hardware layer 806 and virtualization layer 808, and runs a virtual-data-center management-server virtual machine 810 above the virtualization layer. Although shown as a single server in FIG. 8, the VI-management-server (“VI management server”) may include two or more physical server computers that support multiple VI-management-server virtual appliances. The virtual machine 810 includes a management-interface component 812, distributed services 814, core services 816, and a host-management interface 818. The management interface is accessed from any of various computers, such as the PC 708 shown in FIG. 7. The management interface allows the virtual-data-center administrator to configure a virtual data center, provision virtual machines, collect statistics and view log files for the virtual data center, and to carry out other, similar management tasks. The host-management interface 818 interfaces to virtual-data-center agents 824, 825, and 826 that execute as virtual machines within each of the physical servers of the physical data center that is abstracted to a virtual data center by the VI management server.

The distributed services 814 include a distributed-resource scheduler that assigns virtual machines to execute within particular physical servers and that migrates virtual machines in order to most effectively make use of computational bandwidths, data-storage capacities, and network capacities of the physical data center. The distributed services further include a high-availability service that replicates and migrates virtual machines in order to ensure that virtual machines continue to execute despite problems and failures experienced by physical hardware components. The distributed services also include a live-virtual-machine migration service that temporarily halts execution of a virtual machine, encapsulates the virtual machine in an OVF package, transmits the OVF package to a different physical server, and restarts the virtual machine on the different physical server from a virtual-machine state recorded when execution of the virtual machine was halted. The distributed services also include a distributed backup service that provides centralized virtual-machine backup and restore.

The core services provided by the VI management server include host configuration, virtual-machine configuration, virtual-machine provisioning, generation of virtual-data-center alarms and events, ongoing event logging and statistics collection, a task scheduler, and a resource-management module. Each physical server 820-822 also includes a host-agent virtual machine 828-830 through which the virtualization layer can be accessed via a virtual-infrastructure application programming interface (“API”). This interface allows a remote administrator or user to manage an individual server through the infrastructure API. The virtual-data-center agents 824-826 access virtualization-layer server information through the host agents. The virtual-data-center agents are primarily responsible for offloading certain of the virtual-data-center management-server functions specific to a particular physical server to that physical server. The virtual-data-center agents relay and enforce resource allocations made by the VI management server, relay virtual-machine provisioning and configuration-change commands to host agents, monitor and collect performance statistics, alai ins, and events communicated to the virtual-data-center agents by the local host agents through the interface API, and to carry out other, similar virtual-data-management tasks.

The virtual-data-center abstraction provides a convenient and efficient level of abstraction for exposing the computational resources of a cloud-computing facility to cloud-computing-infrastructure users. A cloud-director management server exposes virtual resources of a cloud-computing facility to cloud-computing-infrastructure users. In addition, the cloud director introduces a multi-tenancy layer of abstraction, which partitions virtual data centers (“VDCs”) into tenant-associated VDCs that can each be allocated to a particular individual tenant or tenant organization, both referred to as a “tenant.” A given tenant can be provided one or more tenant-associated VDCs by a cloud director managing the multi-tenancy layer of abstraction within a cloud-computing facility. The cloud services interface (308 in FIG. 3) exposes a virtual-data-center management interface that abstracts the physical data center.

FIG. 9 illustrates a cloud-director level of abstraction. In FIG. 9, three different physical data centers 902-904 are shown below planes representing the cloud-director layer of abstraction 906-908. Above the planes representing the cloud-director level of abstraction, multi-tenant virtual data centers 910-912 are shown. The resources of these multi-tenant virtual data centers are securely partitioned in order to provide secure virtual data centers to multiple tenants, or cloud-services-accessing organizations. For example, a cloud-services-provider virtual data center 910 is partitioned into four different tenant-associated virtual-data centers within a multi-tenant virtual data center for four different tenants 916-919. Each multi-tenant virtual data center is managed by a cloud director comprising one or more cloud-director servers 920-922 and associated cloud-director databases 924-926. Each cloud-director server or servers runs a cloud-director virtual appliance 930 that includes a cloud-director management interface 932, a set of cloud-director services 934, and a virtual-data-center management-server interface 936. The cloud-director services include an interface and tools for provisioning multi-tenant virtual data center virtual data centers on behalf of tenants, tools and interfaces for configuring and managing tenant organizations, tools and services for organization of virtual data centers and tenant-associated virtual data centers within the multi-tenant virtual data center, services associated with template and media catalogs, and provisioning of virtualization networks from a network pool. Templates are virtual machines that each contains an OS and/or one or more virtual machines containing applications. A template may include much of the detailed contents of virtual machines and virtual appliances that are encoded within OVF packages, so that the task of configuring a virtual machine or virtual appliance is significantly simplified, requiring only deployment of one OVF package. These templates are stored in catalogs within a tenant's virtual-data center. These catalogs are used for developing and staging new virtual appliances and published catalogs are used for sharing templates in virtual appliances across organizations. Catalogs may include OS images and other information relevant to construction, distribution, and provisioning of virtual appliances.

Considering FIGS. 7 and 9, the VI management server and cloud-director layers of abstraction can be seen, as discussed above, to facilitate employment of the virtual-data-center concept within private and public clouds. However, this level of abstraction does not fully facilitate aggregation of single-tenant and multi-tenant virtual data centers into heterogeneous or homogeneous aggregations of cloud-computing facilities.

FIG. 10 illustrates virtual-cloud-connector nodes (“VCC nodes”) and a VCC server, components of a distributed system that provides multi-cloud aggregation and that includes a cloud-connector server and cloud-connector nodes that cooperate to provide services that are distributed across multiple clouds. VMware vCloud™ VCC servers and nodes are one example of VCC server and nodes. In FIG. 10, seven different cloud-computing facilities are illustrated 1002-1008. Cloud-computing facility 1002 is a private multi-tenant cloud with a cloud director 1010 that interfaces to a VI management server 1012 to provide a multi-tenant private cloud comprising multiple tenant-associated virtual data centers. The remaining cloud-computing facilities 1003-1008 may be either public or private cloud-computing facilities and may be single-tenant virtual data centers, such as virtual data centers 1003 and 1006, multi-tenant virtual data centers, such as multi-tenant virtual data centers 1004 and 1007-1008, or any of various different kinds of third-party cloud-services facilities, such as third-party cloud-services facility 1005. An additional component, the VCC server 1014, acting as a controller is included in the private cloud-computing facility 1002 and interfaces to a VCC node 1016 that runs as a virtual appliance within the cloud director 1010. A VCC server may also run as a virtual appliance within a VI management server that manages a single-tenant private cloud. The VCC server 1014 additionally interfaces, through the Internet, to VCC node virtual appliances executing within remote VI management servers, remote cloud directors, or within the third-party cloud services 1018-1023. The VCC server provides a VCC server interface that can be displayed on a local or remote terminal, PC, or other computer system 1026 to allow a cloud-aggregation administrator or other user to access VCC-server-provided aggregate-cloud distributed services. In general, the cloud-computing facilities that together form a multiple-cloud-computing aggregation through distributed services provided by the VCC server and VCC nodes are geographically and operationally distinct.

Workflow-Based Cloud Management Including an Automated-Application-Release-Management Subsystem

FIG. 11 shows workflow-based cloud-management facility that has been developed to provide a powerful administrative and development interface to multiple multi-tenant cloud-computing facilities. The workflow-based management, administration, and development facility (“WFMAD”) is used to manage and administer cloud-computing aggregations, such as those discussed above with reference to FIG. 10, cloud-computing aggregations, such as those discussed above with reference to FIG. 9, and a variety of additional types of cloud-computing facilities as well as to deploy applications and continuously and automatically release complex applications on various types of cloud-computing aggregations. As shown in FIG. 11, the WFMAD 1102 is implemented above the physical hardware layers 1104 and 1105 and virtual data centers 1106 and 1107 of a cloud-computing facility or cloud-computing-facility aggregation. The WFMAD includes a workflow-execution engine and development environment 1110, an application-deployment facility 1112, an infrastructure-management-and-administration facility 1114, and an automated-application-release-management facility 1116. The workflow-execution engine and development environment 1110 provides an integrated development environment for constructing, validating, testing, and executing graphically expressed workflows, discussed in detail below. Workflows are high-level programs with many built-in functions, scripting tools, and development tools and graphical interfaces. Workflows provide an underlying foundation for the infrastructure-management-and-administration facility 1114, the application-development facility 1112, and the automated-application-release-management facility 1116. The infrastructure-management-and-administration facility 1114 provides a powerful and intuitive suite of management and administration tools that allow the resources of a cloud-computing facility or cloud-computing-facility aggregation to be distributed among clients and users of the cloud-computing facility or facilities and to be administered by a hierarchy of general and specific administrators. The infrastructure-management-and-administration facility 1114 provides interfaces that allow service architects to develop various types of services and resource descriptions that can be provided to users and clients of the cloud-computing facility or facilities, including many management and administrative services and functionalities implemented as workflows. The application-deployment facility 1112 provides an integrated application-deployment environment to facilitate building and launching complex cloud-resident applications on the cloud-computing facility or facilities. The application-deployment facility provides access to one or more artifact repositories that store and logically organize binary files and other artifacts used to build complex cloud-resident applications as well as access to automated tools used, along with workflows, to develop specific automated application-deployment tools for specific cloud-resident applications. The automated-application-release-management facility 1116 provides workflow-based automated release-management tools that enable cloud-resident-application developers to continuously generate application releases produced by automated deployment, testing, and validation functionalities. Thus, the WFMAD 1102 provides a powerful, programmable, and extensible management, administration, and development platform to allow cloud-computing facilities and cloud-computing-facility aggregations to be used and managed by organizations and teams of individuals.

Next, the workflow-execution engine and development environment are discussed in greater detail. FIG. 12 provides an architectural diagram of the workflow-execution engine and development environment. The workflow-execution engine and development environment 1202 includes a workflow engine 1204, which executes workflows to carry out the many different administration, management, and development tasks encoded in workflows that comprise the functionalities of the WFMAD. The workflow engine, during execution of workflows, accesses many built-in tools and functionalities provided by a workflow library 1206. In addition, both the routines and functionalities provided by the workflow library and the workflow engine access a wide variety of tools and computational facilities, provided by a wide variety of third-party providers, through a large set of plug-ins 1208-1214. Note that the ellipses 1216 indicate that many additional plug-ins provide, to the workflow engine and workflow-library routines, access to many additional third-party computational resources. Plug-in 1208 provides for access, by the workflow engine and workflow-library routines, to a cloud-computing-facility or cloud-computing-facility-aggregation management server, such as a cloud director (920 in FIG. 9) or VCC server (1014 in FIG. 10). The XML plug-in 1209 provides access to a complete document object model (“DOM”) extensible markup language (“XML”) parser. The SSH plug-in 1210 provides access to an implementation of the Secure Shell v2 (“SSH-2”) protocol. The structured query language (“SQL”) plug-in 1211 provides access to a Java database connectivity (“JDBC”) API that, in turn, provides access to a wide range of different types of databases. The simple network management protocol (“SNMP”) plug-in 1212 provides access to an implementation of the SNMP protocol that allows the workflow-execution engine and development environment to connect to, and receive information from, various SNMP-enabled systems and devices. The hypertext transfer protocol (“HTTP”)/representational state transfer (“REST”) plug-in 1213 provides access to REST web services and hosts. The PowerShell plug-in 1214 allows the workflow-execution engine and development environment to manage PowerShell hosts and run custom PowerShell operations. The workflow engine 1204 additionally accesses directory services 1216, such as a lightweight directory access protocol (“LDAP”) directory, that maintain distributed directory information and manages password-based user login. The workflow engine also accesses a dedicated database 1218 in which workflows and other information are stored. The workflow-execution engine and development environment can be accessed by clients running a client application that interfaces to a client interface 1220, by clients using web browsers that interface to a browser interface 1222, and by various applications and other executables running on remote computers that access the workflow-execution engine and development environment using a REST or small-object-access protocol (“SOAP”) via a web-services interface 1224. The client application that runs on a remote computer and interfaces to the client interface 1220 provides a powerful graphical user interface that allows a client to develop and store workflows for subsequent execution by the workflow engine. The user interface also allows clients to initiate workflow execution and provides a variety of tools for validating and debugging workflows. Workflow execution can be initiated via the browser interface 1222 and web-services interface 1224. The various interfaces also provide for exchange of data output by workflows and input of parameters and data to workflows.

FIGS. 13A-C illustrate the structure of a workflow. A workflow is a graphically represented high-level program. FIG. 13A shows the main logical components of a workflow. These components include a set of one or more input parameters 1302 and a set of one or more output parameters 1304. In certain cases, a workflow may not include input and/or output parameters, but, in general, both input parameters and output parameters are defined for each workflow. The input and output parameters can have various different data types, with the values for a parameter depending on the data type associated with the parameter. For example, a parameter may have a string data type, in which case the values for the parameter can include any alphanumeric string or Unicode string of up to a maximum length. A workflow also generally includes a set of parameters 1306 that store values manipulated during execution of the workflow. This set of parameters is similar to a set of global variables provided by many common programming languages. In addition, attributes can be defined within individual elements of a workflow, and can be used to pass values between elements. In FIG. 13A, for example, attributes 1308-1309 are defined within element 1310 and attributes 1311, 1312, and 1313 are defined within elements 1314, 1315, and 1316, respectively. Elements, such as elements 1318, 1310, 1320, 1314-1316, and 1322 in FIG. 13A, are the execution entities within a workflow. Elements are equivalent to one or a combination of common constructs in programming languages, including subroutines, control structures, error handlers, and facilities for launching asynchronous and synchronous procedures. Elements may correspond to script routines, for example, developed to carry out an almost limitless number of different computational tasks. Elements are discussed, in greater detail, below.

As shown in FIG. 13B, the logical control flow within a workflow is specified by links, such as link 1330 which indicates that element 1310 is executed following completion of execution of element 1318. In FIG. 13B, links between elements are represented as single-headed arrows. Thus, links provide the logical ordering that is provided, in a common programming language, by the sequential ordering of statements. Finally, as shown in FIG. 13C, bindings that bind input parameters, output parameters, and attributes to particular roles with respect to elements specify the logical data flow in a workflow. In FIG. 13C, single-headed arrows, such as single-headed arrow 1332, represent bindings between elements and parameters and attributes. For example, bindings 1332 and 1333 indicate that the values of the first input parameters 1334 and 1335 are input to element 1318. Thus, the first two input parameters 1334-1335 play similar roles as arguments to functions in a programming language. As another example, the bindings represented by arrows 1336-1338 indicate that element 1318 outputs values that are stored in the first three attributes 1339, 1340, and 1341 of the set of attributes 1306.

Thus, a workflow is a graphically specified program, with elements representing executable entities, links representing logical control flow, and bindings representing logical data flow. A workflow can be used to specific arbitrary and arbitrarily complex logic, in a similar fashion as the specification of logic by a compiled, structured programming language, an interpreted language, or a script language.

FIGS. 14A-B include a table of different types of elements that may be included in a workflow. Workflow elements may include a start-workflow element 1402 and an end-workflow element 1404, examples of which include elements 1318 and 1322, respectively, in FIG. 13A. Decision workflow elements 1406-1407, an example of which is element 1317 in FIG. 13A, function as an if-then-else construct commonly provided by structured programming languages. Scriptable-task elements 1408 are essentially script routines included in a workflow. A user-interaction element 1410 solicits input from a user during workflow execution. Waiting-timer and waiting-event elements 1412-1413 suspend workflow execution for a specified period of time or until the occurrence of a specified event. Thrown-exception elements 1414 and error-handling elements 1415-1416 provide functionality commonly provided by throw-catch constructs in common programming languages. A switch element 1418 dispatches control to one of multiple paths, similar to switch statements in common programming languages, such as C and C++. A foreach element 1420 is a type of iterator. External workflows can be invoked from a currently executing workflow by a workflow element 1422 or asynchronous-workflow element 1423. An action element 1424 corresponds to a call to a workflow-library routine. A workflow-note element 1426 represents a comment that can be included within a workflow. External workflows can also be invoked by schedule-workflow and nested-workflows elements 1428 and 1429.

FIGS. 15A-B show an example workflow. The workflow shown in FIG. 15A is a virtual-machine-starting workflow that prompts a user to select a virtual machine to start and provides an email address to receive a notification of the outcome of workflow execution. The prompts are defined as input parameters. The workflow includes a start-workflow element 1502 and an end-workflow element 1504. The decision element 1506 checks to see whether or not the specified virtual machine is already powered on. When the VM is not already powered on, control flows to a start-VM action 1508 that calls a workflow-library function to launch the VM. Otherwise, the fact that the VM was already powered on is logged, in an already-started scripted element 1510. When the start operation fails, a start-VM-failed scripted element 1512 is executed as an exception handler and initializes an email message to report the failure. Otherwise, control flows to a vim3WaitTaskEnd action element 1514 that monitors the VM-starting task. A timeout exception handler is invoked when the start-VM task does not finish within a specified time period. Otherwise, control flows to a vim3WaitToolsStarted task 1518 which monitors starting of a tools application on the virtual machine. When the tools application fails to start, then a second timeout exception handler is invoked 1520. When all the tasks successfully complete, an OK scriptable task 1522 initializes an email body to report success. The email that includes either an error message or a success message is sent in the send-email scriptable task 1524. When sending the email fails, an email exception handler 1526 is called. The already-started, OK, and exception-handler scriptable elements 1510, 1512, 1516, 1520, 1522, and 1526 all log entries to a log file to indicate various conditions and errors. Thus, the workflow shown in FIG. 15A is a simple workflow that allows a user to specify a VM for launching to run an application.

FIG. 15B shows the parameter and attribute bindings for the workflow shown in FIG. 15A. The VM to start and the address to send the email are shown as input parameters 1530 and 1532. The VM to start is input to decision element 1506, start-VM action element 1508, the exception handlers 1512, 1516, 1520, and 1526, the send-email element 1524, the OK element 1522, and the vim3WaitToolsStarted element 1518. The email address furnished as input parameter 1532 is input to the email exception handler 1526 and the send-email element 1524. The VM-start task 1508 outputs an indication of the power on task initiated by the element in attribute 1534 which is input to the vim3WaitTaskEnd action element 1514. Other attribute bindings, input, and outputs are shown in FIG. 15B by additional arrows.

FIGS. 16A-C illustrate an example implementation and configuration of virtual appliances within a cloud-computing facility that implement the workflow-based management and administration facilities of the above-described WFMAD. FIG. 16A shows a configuration that includes the workflow-execution engine and development environment 1602, a cloud-computing facility 1604, and the infrastructure-management-and-administration facility 1606 of the above-described WFMAD. Data and information exchanges between components are illustrated with arrows, such as arrow 1608, labeled with port numbers indicating inbound and outbound ports used for data and information exchanges. FIG. 16B provides a table of servers, the services provided by the server, and the inbound and outbound ports associated with the server. Table 16C indicates the ports balanced by various load balancers shown in the configuration illustrated in FIG. 16A. It can be easily ascertained from FIGS. 16A-C that the WFMAD is a complex, multi-virtual-appliance/virtual-server system that executes on many different physical devices of a physical cloud-computing facility.

FIGS. 16D-F illustrate the logical organization of users and user roles with respect to the infrastructure-management-and-administration facility of the WFMAD (1114 in FIG. 11). FIG. 16D shows a single-tenant configuration, FIG. 16E shows a multi-tenant configuration with a single default-tenant infrastructure configuration, and FIG. 16F shows a multi-tenant configuration with a multi-tenant infrastructure configuration. A tenant is an organizational unit, such as a business unit in an enterprise or company that subscribes to cloud services from a service provider. When the infrastructure-management-and-administration facility is initially deployed within a cloud-computing facility or cloud-computing-facility aggregation, a default tenant is initially configured by a system administrator. The system administrator designates a tenant administrator for the default tenant as well as an identity store, such as an active-directory server, to provide authentication for tenant users, including the tenant administrator. The tenant administrator can then designate additional identity stores and assign roles to users or groups of the tenant, including business groups, which are sets of users that correspond to a department or other organizational unit within the organization corresponding to the tenant. Business groups are, in turn, associated with a catalog of services and infrastructure resources. Users and groups of users can be assigned to business groups. The business groups, identity stores, and tenant administrator are all associated with a tenant configuration. A tenant is also associated with a system and infrastructure configuration. The system and infrastructure configuration includes a system administrator and an infrastructure fabric that represents the virtual and physical computational resources allocated to the tenant and available for provisioning to users. The infrastructure fabric can be partitioned into fabric groups, each managed by a fabric administrator. The infrastructure fabric is managed by an infrastructure-as-a-service (“IAAS”) administrator. Fabric-group computational resources can be allocated to business groups by using reservations.

FIG. 16D shows a single-tenant configuration for an infrastructure-management-and-administration facility deployment within a cloud-computing facility or cloud-computing-facility aggregation. The configuration includes a tenant configuration 1620 and a system and infrastructure configuration 1622. The tenant configuration 1620 includes a tenant administrator 1624 and several business groups 1626-1627, each associated with a business-group manager 1628-1629, respectively. The system and infrastructure configuration 1622 includes a system administrator 1630, an infrastructure fabric 1632 managed by an IAAS administrator 1633, and three fabric groups 1635-1637, each managed by a fabric administrator 1638-1640, respectively. The computational resources represented by the fabric groups are allocated to business groups by a reservation system, as indicated by the lines between business groups and reservation blocks, such as line 1642 between reservation block 1643 associated with fabric group 1637 and the business group 1626.

FIG. 16E shows a multi-tenant single-tenant-system-and-infrastructure-configuration deployment for an infrastructure-management-and-administration facility of the WFMAD. In this configuration, there are three different tenant organizations, each associated with a tenant configuration 1646-1648. Thus, following configuration of a default tenant, a system administrator creates additional tenants for different organizations that together share the computational resources of a cloud-computing facility or cloud-computing-facility aggregation. In general, the computational resources are partitioned among the tenants so that the computational resources allocated to any particular tenant are segregated from and inaccessible to the other tenants. In the configuration shown in FIG. 16E, there is a single default-tenant system and infrastructure configuration 1650, as in the previously discussed configuration shown in FIG. 16D.

FIG. 16F shows a multi-tenant configuration in which each tenant manages its own infrastructure fabric. As in the configuration shown in FIG. 16E, there are three different tenants 1654-1656 in the configuration shown in FIG. 16F. However, each tenant is associated with its own fabric group 1658-1660, respectively, and each tenant is also associated with an infrastructure-fabric IAAS administrator 1662-1664, respectively. A default-tenant system configuration 1666 is associated with a system administrator 1668 who administers the infrastructure fabric, as a whole.

System administrators, as mentioned above, generally install the WFMAD within a cloud-computing facility or cloud-computing-facility aggregation, create tenants, manage system-wide configuration, and are generally responsible for insuring availability of WFMAD services to users, in general. IAAS administrators create fabric groups, configure virtualization proxy agents, and manage cloud service accounts, physical machines, and storage devices. Fabric administrators manage physical machines and computational resources for their associated fabric groups as well as reservations and reservation policies through which the resources are allocated to business groups. Tenant administrators configure and manage tenants on behalf of organizations. They manage users and groups within the tenant organization, track resource usage, and may initiate reclamation of provisioned resources. Service architects create blueprints for items stored in user service catalogs which represent services and resources that can be provisioned to users. The infrastructure-management-and-administration facility defines many additional roles for various administrators and users to manage provision of services and resources to users of cloud-computing facilities and cloud-computing facility aggregations.

FIG. 17 illustrates the logical components of the infrastructure-management-and-administration facility (1114 in FIG. 11) of the WFMAD. As discussed above, the WFMAD is implemented within, and provides a management and development interface to, one or more cloud-computing facilities 1702 and 1704. The computational resources provided by the cloud-computing facilities, generally in the form of virtual servers, virtual storage devices, and virtual networks, are logically partitioned into fabrics 1706-1708. Computational resources are provisioned from fabrics to users. For example, a user may request one or more virtual machines running particular applications. The request is serviced by allocating the virtual machines from a particular fabric on behalf of the user. The services, including computational resources and workflow-implemented tasks, which a user may request provisioning of, are stored in a user service catalog, such as user service catalog 1710, that is associated with particular business groups and tenants. In FIG. 17, the items within a user service catalog are internally partitioned into categories, such as the two categories 1712 and 1714 and separated logically by vertical dashed line 1716. User access to catalog items is controlled by entitlements specific to business groups. Business group managers create entitlements that specify which users and groups within the business group can access particular catalog items. The catalog items are specified by service-architect-developed blueprints, such as blueprint 1718 for service 1720. The blueprint is a specification for a computational resource or task-service and the service itself is implemented by a workflow that is executed by the workflow-execution engine on behalf of a user.

FIGS. 18-20B provide a high-level illustration of the architecture and operation of the automated-application-release-management facility (1116 in FIG. 11) of the WFMAD. The application-release management process involves storing, logically organizing, and accessing a variety of different types of binary files and other files that represent executable programs and various types of data that are assembled into complete applications that are released to users for running on virtual servers within cloud-computing facilities. Previously, releases of new version of applications may have occurred over relatively long time intervals, such as biannually, yearly, or at even longer intervals. Minor versions were released at shorter intervals. However, more recently, automated application-release management has provided for continuous release at relatively short intervals in order to provide new and improved functionality to clients as quickly and efficiently as possible.

FIG. 18 shows main components of the automated-application-release-management facility (1116 in FIG. 11). The automated-application-release-management component provides a dashboard user interface 1802 to allow release managers and administrators to launch release pipelines and monitor their progress. The dashboard may visually display a graphically represented pipeline 1804 and provide various input features 1806-1812 to allow a release manager or administrator to view particular details about an executing pipeline, create and edit pipelines, launch pipelines, and generally manage and monitor the entire application-release process. The various binary files and other types of information needed to build and test applications are stored in an artifact-management component 1820. An automated-application-release-management controller 1824 sequentially initiates execution of various workflows that together implement a release pipeline and serves as an intermediary between the dashboard user interface 1802 and the workflow-execution engine 1826.

FIG. 19 illustrates a release pipeline. The release pipeline is a sequence of stages 1902-1907 that each comprises a number of sequentially executed tasks, such as the tasks 1910-1914 shown in inset 1916 that together compose stage 1903. In general, each stage is associated with gating rules that are executed to determine whether or not execution of the pipeline can advance to a next, successive stage. Thus, in FIG. 19, each stage is shown with an output arrow, such as output arrow 1920, that leads to a conditional step, such as conditional step 1922, representing the gating rules. When, as a result of execution of tasks within the stage, application of the gating rules to the results of the execution of the tasks indicates that execution should advance to a next stage, then any final tasks associated with the currently executing stage are completed and pipeline execution advances to a next stage. Otherwise, as indicated by the vertical lines emanating from the conditional steps, such as vertical line 1924 emanating from conditional step 1922, pipeline execution may return to re-execute the current stage or a previous stage, often after developers have supplied corrected binaries, missing data, or taken other steps to allow pipeline execution to advance.

FIGS. 20A-B provide control-flow diagrams that indicate the general nature of dashboard and automated-application-release-management-controller operation. FIG. 20A shows a partial control-flow diagram for the dashboard user interface. In step 2002, the dashboard user interface waits for a next event to occur. When the next occurring event is input, by a release manager, to the dashboard to direct launching of an execution pipeline, as determined in step 2004, then the dashboard calls a launch-pipeline routine 2006 to interact with the automated-application-release-management controller to initiate pipeline execution. When the next-occurring event is reception of a pipeline task-completion event generated by the automated-application-release-management controller, as determined in step 2008, then the dashboard updates the pipeline-execution display panel within the user interface via a call to the routine “update pipeline execution display panel” in step 2010. There are many other events that the dashboard responds to, as represented by ellipses 2011, including many additional types of user input and many additional types of events generated by the automated-application-release-management controller that the dashboard responds to by altering the displayed user interface. A default handler 2012 handles rare or unexpected events. When there are more events queued for processing by the dashboard, as determined in step 2014, then control returns to step 2004. Otherwise, control returns to step 2002 where the dashboard waits for another event to occur.

FIG. 20B shows a partial control-flow diagram for the automated application-release-management controller. The control-flow diagram represents an event loop, similar to the event loop described above with reference to FIG. 20A. In step 2020, the automated application-release-management controller waits for a next event to occur. When the event is a call from the dashboard user interface to execute a pipeline, as determined in step 2022, then a routine is called, in step 2024, to initiate pipeline execution via the workflow-execution engine. When the next-occurring event is a pipeline-execution event generated by a workflow, as determined in step 2026, then a pipeline-execution-event routine is called in step 2028 to inform the dashboard of a status change in pipeline execution as well as to coordinate next steps for execution by the workflow-execution engine. Ellipses 2029 represent the many additional types of events that are handled by the event loop. A default handler 2030 handles rare and unexpected events. When there are more events queued for handling, as determined in step 2032, control returns to step 2022. Otherwise, control returns to step 2020 where the automated application-release-management controller waits for a next event to occur.

FIGS. 21A-D illustrate a configuration file that is used in current implementations of the above-described automated application-release-management subsystem. As with many types of complex cloud-implemented systems, use of the automated application-release-management subsystem involves configuring one or more cloud-computing facilities in advance of pipeline execution. Configuration involves allocating various types of cloud-provided computational resources to support execution of the various stages and tasks of and application-release-management pipeline. For example, when testing involves instantiating virtual machines on large numbers of virtual servers within a cloud-computing facility, VM-execution-environment computational resources need to be allocated and reserved, according to specified parameters, such as virtualization-layer type, virtual hardware configuration and capacity, connectivity, and other such parameters. Configuration may also involve allocating and reserving sufficient internal networking capacity and data-storage capacity and specifying any of many different third-party plug-ins that interface to the above-described plug-in framework to provide the many different executables and subsystems needed for application testing and application-release management.

FIGS. 21A-B provide a JSON-like example of a configuration file that is submitted, via the dashboard UI or through various types of command-line interfaces, to the automated application-release-management subsystem prior to launching pipeline execution. Configuration files may be encoded in JSON, XML, YAML, or any of many other different types of structured information encodings. These encodings are hierarchical in nature and organized much like an outline or table of contents.

FIG. 21A shows a portion of a pipeline configuration. In JSON, information is encoded as key/value pairs, with the value component including numeric values, string values, and more complex object and array values. The pair of outer brackets 2102-2103 indicate that the configuration file includes the encoding of a JSON object. The key “Pipeline Configuration” 2104 represents the entire configuration for a pipeline, and the value is a nested JSON object delimited by curly brackets 2105 and 2106. The pipeline configuration includes the next-lower-level keys “Data Storage” 2107, “Network” 2108, and “Stages” 2109. The data storage object includes two objects 2110 and 2111 that represent databases. A key/value-pair list specifies, for each database, the type of database 2112, the data-storage capacity needed 2113, whether or not the database is a high-availability database 2114, whether the database is mirrored 2115, and whether the database is backed up 2116. A similar list of key/value pairs 2117 specifies attributes of the single local network 2118 included in the network object. The object “Stages” 2109 includes a nested stage object for each stage within the pipeline, including stages 2119 and 2120.

FIG. 21B shows a JSON-like stage configuration which could be substituted for one of the sets of ellipses 2121 and 2122 in FIG. 21A. The nesting of objects within a JSON-like configuration file may be arbitrarily deep. The encoding pattern for the stage configuration is similar to that for the pipeline configuration, shown in FIG. 21A. Second-level keys include stage type 2124, virtual apps 2125, plug-ins 2126, and tasks 2127. Each task may include further elaborated task configurations, as represented by ellipses 2128 and 2129.

FIG. 21C shows a simplified, more abstract representation of a pipeline configuration file. The pipeline configuration 2130 is represented as a set of nested rectangles, each rectangle representing an object. The “Data Storage” object 2132 includes two database objects 2134 and 2136, each of which includes a type key/value pair 2138 and 2140 along with many additional key/value pairs and possibly objects, represented by ellipses 2142 and 2144. The pipeline-configuration objects also include a “Network” object 2146 and a “Stages” object 2148. This illustration convention is used in subsequent illustrations.

FIG. 21D provides a control-flow diagram for a routine “pre-configure” that is called, by either the automated application-release-management controller, in certain implementations, or executed as an initial task or sub-task by the workflow-execution engine, in other implementations, to process a configuration file submitted to the automated application-release-management controller in advance of execution of an application-release pipeline. In step 2150, the routine “pre-configure” receives a configuration file. In step 2152, the routine “pre-configuration” parses the received configuration file to identify each pipeline, stage, and task configuration included in the configuration file. When parsing of the configuration file succeeds, as determined in step 2154, then, in the for-loop of steps 2156-2159, the routine “pre-configure” carries out any pre-processing of the identified configurations, in step 2157, and then, in step 2158, places each pre-processed configuration in memory and/or one or more repositories that are accessible to the application-release-management controller and/or workflow-execution engine. Pre-processing may involve replacing certain terms with more specific or context-correct terms, such as replacing a generalized specification for a Linux operating-system environment by a term or phrase representing a specific Linux operating-system product available within the distributed computer system. Pre-processing may also replace formal parameters with context-specific parameter values and, in certain cases, reformat a configuration into a canonical format recognized by the automated application-release-management controller and/or workflow-execution engine. The general non-stage, pipeline objects within a pipeline configuration, such as the Data Storage and Network objects in FIG. 21A, may be used for general configuration prior to execution of a pipeline, while stage-configuration objects may be processed and used for stage-specific configuration prior to execution of individual stages within the pipeline. Similarly, task configurations may be processed and used to configure tasks prior to execution of tasks within stages.

Workflow-Implemented Automated Application Provisioning, Installation, and Configuration Subsystem

The above-discussed workflow-based management, administration, and development facility (“WFMAD”) has been extended to provide a workflow-implemented automated application provisioning, installation, and configuration subsystem that provisions, installs, configures, and launches cloud-computing applications across one or more cloud-computing-provider computing facilities and local, private data centers. As discussed above, the WFMAD employs configuration files to allocate and configure computational resources prior to launching pipeline execution. In a similar fashion, the automated application provisioning, installation, and configuration subsystem (“automated application subsystem”) provides for application-blueprint generation through a graphical user interface, analogous to generation of configuration files for pipelines, and provides for automated provisioning, installation, and configuration of applications according to previously generated application blueprints.

FIG. 22 provides an illustration of the automated application provisioning, installation, and configuration process. The application provisioning, installation, and configuration process receives an application blueprint, as input. The application blueprint may be input from an application-blueprint-generation component of the automated application subsystem, as represented by arrow 2202, or can be input from an application-blueprint previously generated and stored within an application-blueprint-storage component of the automated application subsystem, as represented by arrow 2204. Application-blueprint generation is generally invoked by a user 2206. Users may include system administrators, application developers, and other human users. In one implementation, application-blueprint generation is carried out through a graphical user interface, through which users define an application in terms of various application components and computational resources that support the components or to which the application components map, including the application executable or executables, and computational resources used and/or instantiated on behalf of application instances, such as storage resources, CPU/memory resources, network resources, virtual machines, and virtualization layers. The automated application provisioning, installation, and configuration process can be invoked either by a human user 2206 or by various computational entities 2208, including, for example, executing script files that configure a computer system or computer systems within a distributed computer system following power up or rebooting.

The automated application provisioning, installation, and configuration process begins with provisioning computational resources 2210 in accordance with the input application blueprint. During provisioning, the automated application subsystem processes the application blueprint to determine the computational resources that need to be allocated and/or instantiated in order to install and execute the application. In addition, the automated application subsystem determines the specifications for these computational resources and various types of constraints and dependencies related to computational resources. Then, the automated application subsystem maps the blueprint-specified computational resources to available computational resources provided by various cloud-computing providers and by a local data center, when computational resources are locally available for allocation. Once the mapping is complete, the automated application subsystem automatically installs the application by allocating the needed computational resources and downloading application executables to the cloud-computing-provider and/or local host systems on which they will run, in an installation stage 2212 of the process. During a configuration stage 2214, the automated application subsystem carries out any pre-execution configurations needed to prepare for application execution. Pre-execution configuration may involve, for example, distribution of configuration files, scripts, and data-containing files to cloud-computing-provider systems providing computational components for application execution and may involve modification or generation of these files and scripts prior to distribution. Once the application is installed and initially configured, the automated application subsystem launches execution of the application in an execution-initiation phase 2216. Finally, in certain implementations, the automated application subsystem may continuously monitor and manage the running application, in a final phase 2218, until the application execution terminates 2220 as a result of any of various events. Particular implementations of automated application subsystem may provide only a subset of the stages shown in FIG. 22.

FIG. 23 graphically illustrates an application blueprint. An application blueprint 100 is a layout for an application running within one or more cloud-provider facilities and/or other computing systems that includes a specification of the various computational resources needed to support execution of one or more application instances, constraints associated with individual computational resources and application components, interdependencies between and among the computational resources and application components and other information needed by the automated application subsystem to carry out automated application-provisioning, installation, and configuration, as discussed above with reference to FIG. 22. In certain implementations, an application blueprint specifies, for a multi-instance application, the number of discrete computing facilities 2302 and 2309 on which to run application instances, the types of, and configuration parameters for, virtual machines 2306-2310 on which to run instances of the application, configuration parameters for the instances of the application 2312-2316, the types of, and configuration parameters for, operating systems 2318-2322 to run on the virtual machines, the types of, and configuration parameters for, the virtualization layers 2324 and 2326, the types and characteristics of one or more storage devices or storage facilities 2328 and 2330, the types and characteristics of networking facilities 2332 and 2334 to allocate within the computing facilities, and the types and characteristics of the CPU/memory computational resources 2336 and 2338 to allocate within one or more computing facilities. In addition, the application blueprint includes constraints, such as the maximum average message-transmission latency between computing facilities, a minimum storage capacity, networking bandwidth, minimum CPU cycles per hour per virtual machine, and other such constraints. The application blueprint may additionally specify inter-component and inter-resource constraints and dependencies, such as the types of workloads generated by the application instances that correspond to expected patterns of storage access. An application blueprint, like the above-discussed configuration files for pipeline execution, is generally encoded in any of various types of hierarchical document encodings, such as JSON and XML. Different application blueprints for different applications may have different levels of specificity and detail. For example, users may be agnostic, for certain applications, as to whether or not the application instances are instantiated on multiple cloud-computing-provider systems and may be relatively unconcerned with regard to certain types of performance constraints. By contrast, users may have significant requirements for other applications, such as communications latencies and networking bandwidths for server applications that host front-and web servers for e-commerce applications.

FIGS. 24A-F illustrate processing of the application blueprint and the types of data extracted from the application blueprint by the automated application subsystem. As shown in FIG. 24A, the application blueprint is logically a hierarchical graph 2400. The root node 2402 corresponds to an application to be provisioned, installed, and configured across one or more cloud-computing-provider computing facilities. Second-level nodes 2404-2405 may represent, in the example shown in FIG. 23, geographically discrete computer facilities. Additional node levels specify virtual machines, application instances, operating systems, basic hardware support, and may include details at the level of individual virtual disks, represented by nodes 2406-2410 in the graph shown in FIG. 24A. Each node includes a specification for the corresponding computational resource and various constraints associated with the resource. The level of detail generally varies from application to application. As one example, many applications are generic with respect to operating system and processor hardware, but certain applications may be specifically developed for a particular operating system and even for a particular processor architecture. As shown in FIG. 24B, the graph also includes various types of constraints and dependency relationships between computational entities, represented as dashed lines, such as dashed line 2412 that represents an inter-resource constraint between the two network resources represented by nodes 2414-2415. This constraint may specify, for example, a maximum average latency for message transmission between the two network resources via the fastest wide-area-network interconnection between the two computer systems represented by nodes 2404 and 2405, a minimum average data-transmission capacity between the two network resources, or other such constraints and interdependencies.

FIG. 24C illustrates a two-dimensional matrix of specifications, constraints, and dependencies that alternatively represents the content of the application blueprint, illustrated in FIG. 23 and, alternatively, illustrated in FIGS. 24A-B. The two-dimensional matrix 2416 includes rows, labeled by computational resources that are alternatively represented as nodes in the graphs of FIGS. 24A-B, and columns, also labeled by the same computational resources used to label the rows. The diagonal elements in the two-dimensional matrix, including diagonal element 2418, have the same row and column labels, and therefore contain the specifications and constraints related to the computational entity corresponding to the row and column labels. The off-diagonal elements, such as off-diagonal element 2420, represent inter-computational-resource constraints and dependencies. The two-dimensional matrix is generally relatively sparse, since an application blueprint rarely contains information about constraints and dependencies between all possible pairs of computational resources specified in the application blueprint. Nonetheless, the two-dimensional-matrix representation provides an indication of the many possible single-computational-resource and inter-computational-resource specifications, constraints, and dependencies that may be encoded within an application blueprint. In FIG. 24C, and off-diagonal element 2422 is labeled with a circled “B” symbol and a diagonal element 2424 is labeled with a circled “A” symbol. These nodes are shown in greater detail in FIG. 24D. The diagonal element “A” 2424 includes various specified characteristics and constraints for disk d2 in the second storage system. These include a minimum data-storage capacity of at least 1.2 TB 2430, representation by the drive letter “Z” 2431, data encryption at the disk level by a particular encryption algorithm 2432, persistent data storage 2433, an on-board cache of at least 120 MB 2434, a sector size of 512 bytes 2435, 2000 sectors per track 236, a seek time of no greater than 0.4 ms 2437, a read bandwidth of at least 2 GB per second 2438, and a write bandwidth of at least 1 GB per second 2439. The off-diagonal element “B” 2440 includes interdependencies between the two network resources, alternatively represented by diagonal line 2412 in FIG. 24B, and includes an average inter-network message-transmission latency of no greater than 1.2 seconds 2442, an average data-transfer rate between networks of 800 MB per second 2443, a maximum inter-network latency of 2.0 seconds 2444, and a maximum packet-loss rate of 0.001 2445.

FIG. 24E illustrates the provisioning process carried out by the automated application subsystem. The provisioning process can be thought of as superimposing the two-dimensional matrix of specifications, constraints, and dependencies 2416, discussed above with reference to FIG. 24C, over the computational resources provided by those cloud-computing-provider cloud-computing facilities and private data centers, such as cloud-computing facility 2450, from which the automated application subsystem can allocate computational resources in order to provision, install, configure, and launch the application specified in the application blueprint from which the two-dimensional matrix 2416 was generated or the contents of which the two-dimensional matrix alternatively represents. The automated application subsystem essentially maps each of the diagonal elements of the two-dimensional matrix onto a computational resource provided by a cloud-computing facility or private data center. The mapping involves satisfying all of the specifications, constraints, and dependencies contained in the two-dimensional matrix and, in certain implementations, optimizing the mapping to achieve lowest possible cost. Significantly, the automated application subsystem does not attempt to collocate particular computational resources unless collocation of the computational resources is specified as a constraint or dependency in the application blueprint. For example, the automated application subsystem may find a low-cost mapping of diagonal elements of the two-dimensional matrix to computational resources in which the CPU/memory resources allocated to execute a particular application instance are allocated from a cloud-computing facility different from the cloud-computing facility from which the data-storage computational resources accessed by the application instance are allocated. In other words, there may be lower-costs mappings in which an application instance accesses data storage in a different cloud-computing facility over an electronic-communications network rather than accessing local data-storage facilities within the same cloud-computing facility. However, in order to carry out the detailed cost analysis needed to decide whether or not to collocate storage with CPU/memory for an application instance, the automated application subsystem needs to understand a typical type of workload exhibited by the application instance as well as the characteristics of the networking interconnection that would be used to interconnect the CPU/memory resources in one cloud-computing facility with the data-storage resources in a different cloud-computing facility.

FIG. 24F illustrates the types of constraints, characteristics, and dependencies that may be associated with a data-storage device and then application blueprint, some of which provide information that allows the automated application subsystem to carry out the cost analysis needed to determine whether or not to collocate CPU/memory computational resources with data-storage resources in a single cloud-computing facility. The dependencies, shown in a first column 2460, indicate that the data-storage device is to be shared among three geographically distinct locations. A first location 2462 includes four instances of an application, one of which is characterized by an I/O-bound workload, another by a big-data workload, and two others by CPU-bound workloads. The second location includes two application instances 2464, one characterized by a log-analysis workload and the other by a big-data workload. The third location 2466 includes four application instances, one characterized by an I/O-bound workload and the remaining 3 characterized by CPU-bound workloads. These dependencies provide, to the automated application subsystem, a basis for determining an expected data-transfer rate between the application instances and the data-storage device so that the automated application subsystem can determine an optimal location for the data-storage device. It may be optimal to collocate the data-storage device with the application instances in one of the locations. It may also be optimal, from a cost standpoint, to locate the data-storage device in a fourth cloud-computing facility, distinct from the three computing facilities in which the application instances are located. High data-transfer rates between an application instance and the storage device would argue for collocation of the data-storage device and application instance, while low data-transfer rates may provide greater flexibility in choosing the respective cloud-computing facilities on which to allocate the CPU/memory resources and the data-storage resources. When an application instance is characterized by a CPU-bound workload, increased latencies attendant with data transfer through networks may be significantly better tolerated than when application instances are characterized by I/O-bound workloads. A second column 2468 in FIG. 24F lists numerous constraints and specifications for the data-storage device and a third column 2470 lists additional characteristics and constraints. The constraints and specifications generally relate to data-storage capacity, high-availability and data-redundancy features, access latencies, data-transfer rates, the cost per megabyte of stored data per day, price per access, the lease period, various types of failure and health statistics, encryption features, and whether or not the data is persistent over power off and restart events.

FIG. 25 illustrates operation of a provisioning engine of the automated application subsystem that carries out mapping of application-blueprint-specified computational resources to allocable computational resources in one or more computing facilities within the provisioning stage (2210 in FIG. 22) of application provisioning, installation, configuration, and launching. The provisioning engine 2502 requests candidate computational resources 2504-2506 from a CPU/memory processor 2510, a network processor 2511, and a storage processor 2512. The CPU/memory processor retrieves CPU/memory profiles 2514 from a CPU/memory-profile store 2518 and filters the CPU/memory profiles to generate candidate CPU/memory resources 2504. The network processor retrieves network profiles 2515 from a network-profile store 2519 and filters the network profiles to generate candidate network resources 2505, and the storage processor retrieves storage profiles 2516 from a storage-profile store 2520 and filters the storage profiles 2516 to generate candidate storage resources. Each resource profile describes the computational resources of a particular class provided by a particular cloud-computing-provider cloud-computing facility or private data center. Each resource profile includes one or more items, each corresponding to a different type of computational resource. Resource profiles, like application blueprints, are encoded in JSON, XML, or another text-based document encoding language, in the described implementation. In a request for candidate resources, the provisioning engine provides, to a resource processor, specifications, constraints, and dependencies related to the computational-resource class handled by the resource processor to enable the resource processor to provide the provisioning engine with relevant resource candidates to facilitate determination of a cost-optimal mapping of application-blueprint-specified computational resources to computational resources allocated from cloud-computing-provider cloud-computing facilities and private data centers. The provisioning engine uses the optimal mapping to allocate the computational resources needed for execution of the application described in the application blueprint. Allocation may involve various tasks, including leasing computational resources from cloud-computing-provider computing facilities, distributing virtual-machines to computing facilities on which they will execute, and configuring secure network connections between virtual machines and computational resources accessed by the virtual machines. A provider monitor 2522 continuously monitors the various cloud-computing-provider cloud-computing facilities 2520-2521 and private data center to maintain accurate resource profiles for access by the CPU/memory processor, network processor, and storage processor. The provider monitor 2522 may be composed of multiple different monitoring and analysis subsystems specialized in evaluating available computational resources of particular types and for evaluating particular aspects and characteristics of the computational resources. The provider monitor may access automated computational-resource catalogs and/or may process input generated by various types of automated, semi-automated, and manual searching, evaluation, and analysis operations directed to compiling current, detailed information about currently available computational resources.

FIG. 26 provides a control-flow diagram for the mapping component of a provisioning engine (2502 in FIG. 25). In step 2602, the provisioning engine receives an application blueprint. In step 2604, the provisioning engine processes the application blueprint to extract the specifications, constraints, and dependencies associated with the computational resources needed to install and launch the application. As discussed above, these specifications, constraints, and dependencies can be considered to inhabit a generally sparse two-dimensional matrix. In step 2606, the provisioning engine requests candidate storage resources from the storage processor. In step 2608, the provisioning engine requests candidate CPU/memory resources from the CPU/memory processor. In step 2610, the provisioning engine initializes a local variable optimal_mapping and sets the local variable optimal_cost to a large number. In the outer for-loop of steps 2612-2622, each possible set in of available storage resources mapped to the blue-print-specified storage resources is considered. In the inner for-loop of steps 2613-2621, each possible set n of available CPU/memory resources mapped to application-blueprint-specified CPU/memory resources is considered. In general, a resource processor may return multiple available candidate resources for each application-blueprint-specified computational resource. As a result, in the described implementation, the provisioning engine considers the possible mappings of application-blueprint-specified resources to available candidate resources. In step 2614, the provisioning engine checks to determine whether or not the dependencies, specifications, and constraints provided by the application blueprint are satisfied for a currently considered combination of the m and n available-resource-to-blueprint-specified-resource mappings. When the dependencies, specifications, and constraints are satisfied, as determined in step 2615, the provisioning engine requests a set of candidate network solutions for the currently considered m×n mapping. A network solution includes network resources specified in the application blueprint as well as any additional network resources needed to interconnect computational resources distributed across multiple cloud-computing facilities. These latter network resources may not be explicitly specified in the application blueprint, but arise as side effects of mapping the application-blueprint-specified computational resources across multiple cloud-computing facilities. When a networking solution is provided by the network processor, as determined in step 2617, the provisioning engine computes a cost c for the currently considered m×n mapping. When the cost c is less than the cost currently stored in the optimal_cost local variable, as determined in step 2619, the optimal_cost local variable is set to c and the currently considered m×n mapping is stored in the optimal_mapping local variable, in step 2620. Following completion of the inner and outer for-loops, the provisioning engine determines, in step 2623, whether a mapping that satisfies the application-blueprint-specified constraints and dependencies has been found. If so, the mapping of application-blueprint specified computational resources to available computational resources is returned, in step 2624, to the provisioning engine, which uses the mapping to provision resources for execution of the application described by the application blueprint. Otherwise, a null value or other failure indication is returned in step 2625.

FIG. 27 provides a control-flow diagram for the storage processor (2512 in FIG. 25). In step 2702, the storage processor receives a set of specifications, constraints, and dependencies extracted from the application blueprint. In step 2704, the storage processor requests a set of storage profiles from the storage-profile storage facility (2516 in FIG. 25) and sets the local variable candidates to the null set. In the outer for-loop of steps 2706-2717, each requested storage resource in the set of specifications, constraints, and dependencies is considered. In the middle for-loop of steps 2707-2716, each storage profile returned by the storage-profile storage facility is considered. In the innermost for-loop of steps 2708-2715, each item in the currently considered storage profile is considered. In step 2709, the storage processor evaluates the specifications, constraints, and dependencies associated with the currently considered storage resource and currently considered storage item. When a hard constraint is violated, as determined in step 2710, the currently considered item is not entered into the set candidates. When a hard dependency violated by the currently considered item, the item is not included in the set candidates. In step 2712, the storage processor evaluates the cost of allocating a storage resource described by the currently considered item. When the cost is within cost constraints, as determined in step 2713, the item is added to the set candidates. Thus, the storage processor carries out initial filtering of available storage resources to produce a set of one or more candidate storage resources for each storage resource specified in the application blueprint.

Currently Disclosed Methods and Systems

Distributed applications that execute in cloud-computing environments represent an increasingly popular approach that is used by various types of organization to provide computational services to clients and users. Development of distributed applications has been facilitated by various types of distributed-application development environments and, more recently, by platform-as-a-service (“PaaS”) facilities provided by cloud-computing providers.

FIGS. 28-29C illustrate a hypothetical, generalized distributed application. As shown in FIG. 28, the distributed application runs within a cloud-computing facility 2802 on multiple server computers interconnected by local communications connections. Two front-end servers 2804 and 2806 receive requests from client and user devices 2808-2810 through the Internet 2012 and return corresponding response messages to the client and user devices. The front-and servers, or input servers, rely on additional back-end servers 2814-2823, including request-processing back-end servers 2814-2819, authorization servers 2820-2821, and other servers 2822-2823, to carry out requested tasks on behalf of clients and users.

FIG. 29A provides a high-level flow diagram for the distributed-application functionality carried out by the input servers 2804 and 2806 in the cloud-computing facility 2802 shown in FIG. 28. In step 2902, the input-server portion of the distributed application initializes communications interfaces, including local-network interfaces for communicating with back-end servers as well as interfaces for communicating with client and user devices through the Internet, and then continuously executes the event-processing loop represented by steps 2904-2917. The input server waits, in step 2904, for a next event to occur. The next-occurring event is processed in steps 2905-2915. When the next-occurring event is reception of an incoming request message, as determined in step 2905, the input server generates a descriptor for the request message and places the descriptor in a pending-message queue, in step 2906, and then forwards the message for processing to an authorization server, in step 2907. When the next-occurring event is reception of a response message from a back-end server, as determined in step 2908, the input server finds a descriptor that matches the response message in the pending-message queue, in step 2909, and that uses the descriptor to return the received response message to the requesting client or user, in step 2910. In step 2911, the descriptor is deleted. When the next-occurring event is a descriptor-time-out event, as determined in step 2912, then an error handler is called, in step 2913, to handle the unprocessed request message. Ellipses 2914 indicate that the input server may handle additional types of events. A default handler 2915 is called to handle rare and unexpected events. When there are more events that have arrived during processing of the currently processed event, as determined in step 2916, then a next event is dequeued and control returns to step 2905 to process the dequeued next event. Otherwise, control returns to step 2904, where the input server waits for a next event to occur. The event-loop model is used to describe additional distributed-application components, in FIGS. 29B-C, as well as additional functionalities subsequently described below.

FIG. 29B provides a control-flow diagram to illustrate operation of the authorization-server component of the distributed application, discussed above with reference to FIG. 28. Authorization services are one type of back-end server in the distributed-application implementation. FIG. 29B is also based on an event loop, similar to that shown in FIG. 29A. An authorization server handles incoming request messages forwarded from an input server by parsing the request message, in step 2920, and carrying out various tasks that determine whether or not the client or user that originally sent the request message is authorized to access a corresponding service provided by the distributed application. When parsing and authorization succeeds, as determined in step 2921, the authorization server generates and stores a descriptor for the parsed message in a processing-message queue, in step 2922, selects a request-processing server to process the request message based on the message type and on the current request-processing loads experienced by the request-processing servers, in step 2923, and then forwards the parsed request message to the selected request-processing server, in step 2924. When parsing fails, as determined in step 2921, the authorization service returns an error to the input server from which the request message was received, in step 2925. The authorization server processes response messages from back-end servers by locating the corresponding descriptor in the processing-message queue, in step 2926, returning the response message to the input server, in step 2927, and deleting the matching descriptor, in step 2928.

FIG. 29C provides a control-flow diagram to illustrate operation of the request-processing servers. Request-processing servers are another type of back-end server in the distributed-application implementation. FIG. 29C is also based on an event loop, similar to those shown in FIGS. 29A-B. When the processing server receives a request message forwarded from an authorization server, the processing server checks, in step 2930, whether there is an available process and thread to process the request message. When so, the processing server forwards the request message to an available thread, in step 2931. Otherwise, in step 2932, the processing server queues the received parsed request message to a work queue. Processing threads generate processing-completion events following completion of request processing. Upon occurrence of a processing-completion event, the processing server returns the response message produced by the processing thread to the authorization server from which the parsed request message was received, in step 2933, and generates a thread-available event, in step 2934. When a thread-available event occurs, as determined in step 2935, and when there are parsed request messages waiting for processing in the work queue, as determined in step 2936, the processing server dequeues a parsed request message from the work queue, in step 2937, and forwards the dequeued request message to an available thread, in step 2931. The thread then carries out the varies processing tasks needed to carry out the request encoded in the request message. These processing tasks are, of course, dependent on the type of request message and the types of requests that are processed by the particular distributed application. It is these processing steps that generally comprise the significant functionality of the distributed application. When an error event occurs, as determined in step 2938, an error handler is called, in step 2940. Of course, the distributed application illustrated in FIGS. 29A-C includes many additional details and much additional logic, but the implementation outline illustrates certain of communications, data-storage, and processing-scheduling considerations and details with which the designers and implementors of traditional distributed applications are concerned. The application developer would also, of course, need to manage acquiring and allocating computational resources in one or more cloud-computing facilities and deploying executables within various physical and/or virtual servers of one or more cloud-computing facilities.

Traditionally, development of distributed applications involved significant efforts to acquire, manage, and schedule operation of many different types of computational resources within a physical computing facility. As discussed above, blueprint-driven automated-application-installation subsystems of workflow-based cloud-management facilities can now automate many of the virtual-machine acquisition, management, and scheduling operations needed to support execution of the distributed application. Additional PaaS offerings from cloud-computing providers allow distributed-application developers to offload VM-acquisition, management, and scheduling operations. Nonetheless, in both cases, distributed-application developers still expend significant efforts in developing distributed-application code to implement input servers, back-end servers, manage inter-server communications, and manage request-message processing and generation of corresponding response messages.

More recently, a function-based approach to distributed-application development has emerged. This approach is referred to as the “function-as-a-service” (“FaaS”) approach to distributed-application development. FIG. 30 illustrates the FaaS approach. A distributed-application developer accesses a function-definition interface 3002 provided through the developer's computer system 3004 and a FaaS interface 3006 provided by a cloud-computing facility 3008. The function-definition interface allows a developer to define functions and to access the FaaS interface to instantiate the functions within a cloud-computing facility. The developer can then develop distributed applications based on function calls, with the distributed applications calling instantiated functions through the FaaS interface provided by a cloud-computing provider, without concern for where and how function execution occurs. The FaaS approach is one example of the emerging category of serverless architectures that free distributed-application developers from needing to concern themselves with VM acquisition, management, configuration, and scheduling.

FIG. 31 illustrates a distributed application, equivalent to the distributed application discussed above with reference to FIGS. 28-29C, implemented using a FaaS approach. As with previous figures, FIG. 31 illustrates an event-loop-based implementation. However, rather than implementing the input, authorization, and processing servers, the distributed application, shown in FIG. 31, calls instantiated functions. For example, the function “authorize” is called, in step 3102, to carry out authorization tasks and various processing functions 3104-3105 are called to process request messages of various types. Rather than explicitly managing various types of servers, queuing messages and tasks for future execution, and worrying about the acquisition, configuration, management, and scheduling of virtual machines and coordination of their activities through network communications, the application developer can instead rely on the cloud-computing provider to intelligently provision computational resources for instantiated functions and manage mapping of concurrent function calls to computational resources.

The FaaS approach provides many advantages to distributed-application developers, but is also associated with certain disadvantages. The FaaS approach they provide significantly reduced operational costs for function-based distributed applications. Application developers do not need to acquire, configure, and manage virtual machines and the servers on which they execute. Furthermore, it is often the case that execution costs are lower, both because FaaS-based distributed applications share computational resources with other users of cloud-computing resources and because FaaS-based distributed applications may avoid many of the dedicated processes and threads that continuously run in the background of traditional distributed applications, instead relying on rapid startup of execution environments within the cloud-computing facilities for execution of FaaS functions. FaaS-based distributed applications can be much easier to develop, leading to substantially reduced development costs. FaaS-based distributed applications generally automatically scale to handle varying demands on computational resources, since the cloud-computing provider assumes responsibility for allocating and deallocating computational resources dynamically to handle dynamic loads on instantiated functions. Of course, FaaS-based distributed applications are associated with little or no system-administration costs. In addition, FaaS-distributed applications are far easier to modify and enhance, because many of the complex communications, scaling, and configuration-related logic found in traditional distributed applications is no longer necessary and because FaaS-based distributed-application code can be far simpler, relying on well-compartmentalized, reasonably independent functions rather than complex interdependent code modules. However, the FaaS approach is also associated with inherent deficiencies. One of the chief problems is that FaaS-based distributed applications are often relatively locked-in with particular cloud-computing vendors, having been developed to interface with particular vendor-specific FaaS interfaces. As a result, operational costs are often not driven down through competition between cloud-computing vendors. In addition, there may be significant security and performance issues related to the fact that a given cloud-computing provider generally provides cloud-computing facilities to multiple different organizations, and there may be difficult-to-detect and difficult-to-control security leaks and performance interferences as a result. It may also be difficult to optimize FaaS-based distributed applications because the distributed-application developer can no longer devise and implement server-specific optimizations and improvements. There may also be various types of difficult-to-control startup and communications-latency issues, and testing and debugging live instantiated functions may be considerably more difficult than traditional distributed-application-development environments.

The currently disclosed automated-application-installation subsystem extends the above-described automated-application-installation subsystem to provide a distributed function-as-a-service capability through the above-described blueprint interface, referred to below as a “distributed FaaS” (“DFaaS”). The DFaaS addresses various disadvantages and deficiencies in the FaaS-based approach to distributed-application development. First, the DFaaS can deploy user-defined functions on any of multiple different cloud-computing-vendor facilities, thus removing the vendor-lock-in deficiency discussed above. Moreover, the DFaaS continuously monitors the capacities, fees, latencies, startup time, and other operational characteristics of FaaS-provided cloud-computing vendors in order to optimize function instantiation on behalf of users and clients. Because the DFaaS automatically instantiates and re-instantiates user functions on behalf of users, the DFaaS can employ cheap, ephemeral virtual machines provided by cloud-computing vendors to instantiate user functions on behalf of users. The overheads associated with constantly monitoring and re-instantiating user functions would be prohibitive for the users themselves. The DFaaS also continuously monitors the computational demands of functions instantiated on behalf of users to provide a second level of scaling in addition to that provided by particular cloud-computing vendors, so that FaaS-based distributed applications scale responsively to sharply varying function-execution demands. In addition, the DFaaS operates as a level of indirection between users of the DFaaS and cloud-computing vendors, which can reduce or eliminate various types of security risks and unintended function-internals exposure. An additional advantage of the DFaaS is that the DFaaS provides a single FaaS interface to users and automatically carries out whatever transformations are necessary to accommodate functions defined by users of the DFaaS FaaS interface to the vendor-specific FaaS interfaces through which the DFaaS instantiates user-defined functions.

FIG. 32 shows a YAML-Ain't-Markup-Language (“YAML”) encoding of a blueprint, or portion of the blueprint, that includes a definition of a function to be instantiated through the DFaaS for execution by one or more FaaS services provided by one or more cloud-computing providers. Calls to user-defined functions can be included in blueprint-defined distributed applications. Thus, as discussed further below, the DFaaS includes both a function-provisioning interface called during provisioning of blueprints, and a function-execution interface that allows instantiated user-defined functions to be called during distributed-application execution.

FIG. 33 illustrates modification of the provisioning engine, previously discussed with reference to FIG. 25. As shown in FIG. 33, the provisioning engine 2502 additionally calls a DFaaS provisioning interface 3302 in order to instantiate user-defined functions through cloud-computing-vendor FaaS interfaces and may also call any or all of the CPU/memory processor 2510, a network processor 2511, and a storage processor 2512 to provision local computational resources needed for calling instantiated user-defined functions.

FIG. 34 illustrates the currently disclosed distributed FaaS service. As discussed above, the DFaaS 3402 accesses a variety of different cloud-computing vendors 3404-3407 in order to instantiate user-defined functions on behalf of users. The DFaaS provides a provisioning-and-execution interface 3410, called during blueprint provisioning by the provisioning engine and by executing distributed applications to launch execution of user-defined functions instantiated through the provisioning interface 3410. In FIG. 34, a vertical dashed line 3414 partitions the internal components of the DFaaS into provisioning-related components 3416 and user-defined-function-execution components 3418.

The user-defined-function-execution components include a DFaaS execution engine 3420 and an FaaS execution engine 3422. In one implementation, the FaaS execution engine is an open-source FaaS framework, such as OpenWhisk, that can instantiate and execute user-defined functions on any of the various different cloud-computing vendors 3404-3407. The DFaaS execution engine 3420 receives a user-defined-function identifier and arguments, in one implementation, and transforms and packages this received information for consumption by the FaaS execution engine 3422, which calls the user-defined functions. In certain implementations, the FaaS execution engine 3422 maintains the information related to function deployments within cloud-computing-vendor facilities, in a local FaaS-execution-engine database 3423, accessing a provisioning-engine database 3425 only when the local FaaS-execution-engine database does not contain the needed information for a particular user-defined function.

The provisioning-related components 3416 include a DFaaS provisioning engine 3426, a function-affinity filter 3428, a latency filter 3430, a geo-location-constraints analyzer 3432, an infrastructure registry 3424, the provisioning-engine database 3425, an infrastructure prediction engine 3434, a spot-bid service 3436, a VM-bootstrap service 3438, an infrastructure health monitor 3440, and an infrastructure configuration engine 3442. The DFaaS provisioning engine 3426 receives a user-function definition in a request from the provisioning engine, employs the function affinity filter 3428 to obtain a list of candidate vendors on which to instantiate the user-defined function, and calls the spot-bid service 3436 to acquire an initial VM from a cloud-computing vendor within which containers are instantiated for execution of the user-defined function. The function-affinity filter 3428 determines a list of candidate cloud-computing vendors within which to instantiate a user-defined function. The latency filter 3430 evaluates candidate cloud-computing vendors with respect to latency requirements associated with a user-defined function and the geo-location-constraints analyzer 3432 evaluates candidate cloud-computing vendors with respect to location constraints and requirements associated with a user-defined function. The infrastructure registry 3424 stores information about VMs acquired by the spot-bid service. By contrast, the provisioning-engine database 3425 maintains information about user-defined functions. The infrastructure prediction engine 3434 periodically reevaluates the computational resources acquired for user-defined functions in order to ensure that the expected demand for execution of the user-defined functions can be satisfied by the computational resources acquired from cloud-computing vendors using time-series invocation and resource-consumption statistics. The spot-bid service 3436 accesses cloud-computing vendors to acquire virtual machines for instantiation of user-defined functions and stores information regarding those virtual machines in the infrastructure registry. The VM-bootstrap service 3438 boots up virtual machines acquired by the spot-bid service to prepare them for hosting user-defined functions, and stores information regarding the booted virtual machines in the provisioning engine database. The infrastructure health monitor 3440 continuously monitors acquired virtual machines so that, should the virtual machines be terminated by the cloud-computing vendors, replacement virtual machines can be acquired, as needed, by the DFaaS. The infrastructure configuration engine 3442 configures the FaaS execution engine 3422 to use bootstrapped virtual machines for instantiating containers for execution of user-defined functions. Various arrows in FIG. 34, such as arrow 3444, indicate interaction between internal components of the DFaaS. These interactions may be implemented by request/response messages communicated through local area networks, event-generation and event-handling mechanisms, and/or by various other inter-process communications mechanisms.

FIGS. 35A-K provides control-flow diagrams that illustrate the operational behavior of the various components of the DFaaS discussed above with reference to FIG. 34. Many of these control-flow diagrams illustrate event-loop-based implementations, similar to those discussed above with reference to FIGS. 29A-C. In these cases, the initial wait step and final steps associated with dequeuing any pending events are not again separately described.

FIG. 35A illustrates an implementation of the DFaaS execution engine (3420 in FIG. 34). The DFaaS execution engine is illustrated as a request-processing loop. In step 3501 a, the DFaaS execution engine waits for a next execution request delegated to the DFaaS execution engine by the DFaaS provisioning engine. When a next execution request is received, a function identifier is extracted from the received request, in step 3502 a. When the function identifier is present within a memory cache or database accessed by the DFaaS Execution engine, as determined in step 3503 a, calling information for the function, i, is retrieved from the cache, in step 3504 a, and the FaaS execution engine is called, in step 3505 a, with the argument i. The value returned by the execution engine, v, is returned to the requesting entity, in step 3506 a, and an execution event is generated in step 3507 a, discussed below. When the function ID is not present in the cache, as determined in step 3503 a, the function ID is used to access a function descriptor in the provisioning engine database, in step 3508 a. When a function descriptor is found, as determined in step 3509 a, the calling information is extracted from the function descriptor, in step 3510 a, and control flows to step 3505 a, where the FaaS execution engine is called. Otherwise, an error is returned in step 3511 a.

FIG. 35B illustrates an implementation of the DFaaS provisioning engine (3426 in FIG. 34). The DFaaS provisioning engine is illustrated as a request-processing loop, as is the DFaaS execution engine, in FIG. 35A. In step 3501 b, the DFaaS provisioning engine determines whether the next received request is a provisioning request. If not, the request is delegated to the DFaaS execution engine, ins step 3502 b. Otherwise, in step 3503 b, an indication of the function to provision, ƒ, is obtained from the received provisioning request. In step 3504 b, a signature for the function is computed, which is used, in step 3505 b, to search the provisioning engine database for a matching, already configured function. When such a function is found, as determined in step 3506 b, the identifier of the identified function is returned, in step 3507 b, to the requesting entity. Otherwise, in step 3508 b, the function affinity filter is called to obtain a list of candidate cloud-computing facilities in which to instantiate a virtual machine for the function, and the list of candidates c returned by the function affinity filter is used to call the spot-bid service, in step 3509 b, to acquire one or more virtual machines. When a VM has been successfully instantiated by the spot-bid service, as determined in step 3510 b, a ready-to-boot event is generated, in step 3511 b. Otherwise, an error is returned, in step 3512 b.

FIG. 35C illustrates an implementation of the function-affinity filter (3428 in FIG. 34). The function-affinity filter receives an indication of a function to provision, ƒ, in step 3501 c. In step 3502 c, the function-affinity filter characterizes the operational characteristics C of the function ƒ. In step 3503 c, the function-affinity filter accesses stored information to identify a set v of all possible cloud-computing vendors that can run the function ƒ. In step 3504 c, the function-affinity filter calls the latency filter to generate a list wl of weights for each candidate cloud-computing vendor in the set v that reflects the desirability of the candidate cloud-computing vendor with respect to response latency. In step 3505 c, the function-affinity filter calls the geo-location-constraints analyzer to similarly generate a list wg of weights reflective of the desirability of the geographical locations of the cloud-computing vendors. In step 3506 c, the function-affinity filter initializes a list of weights, w. Then, in the nested for-loops of steps 3507 c-3512 c, the function-affinity filter calculates, for each candidate cloud-computing vendor with index i in the list v, an overall weight w[i] that is the sum of a policy-related weight, weight(v_(i), p), for each vendor-selection policy p and the previously determined geo-location-constraint weight wg[i] and latency weight wl[i]. In step 3513 c, the list v of candidate cloud-computing vendors is sorted by overall weight, in descending order, and, in step 3514 c, the highest-weighted vendors are selected as the final members of the sorted list of candidate cloud-computing vendors, which is returned to the caller along with the operational characteristics C.

FIG. 35D illustrates an implementation of the latency filter (3430 in FIG. 34). The latency filter computes an estimated weight for each cloud-computing vendor in the for-loop of steps 3501 d-3505 d. The estimated weights generally have a relatively high value for those cloud-computing vendors with function-execution-and-response latencies below a threshold maximum desired latency included in the characteristics C of the function and then decrease quickly for latencies with increasing values beyond the threshold maximum desired latency.

FIG. 35E illustrates an implementation of the geo-location-constraint analyzer (3432 in FIG. 34). The geo-location-constraint analyzer operates similarly to the latency filter, discussed with reference to FIG. 35D, with the exception that the weight is estimated for each cloud-computing vendor, in step 3501 e, based on the proximity of the geographic location of the cloud-computing vendor to desired geographic locations contained in the characteristics C of the function ƒ.

FIGS. 35F-G illustrates an implementation of the infrastructure prediction engine (3434 in FIG. 34). The implementation of the infrastructure prediction engine is illustrated as an event loop in FIG. 35F. When a timer expiration occurs, as determined in step 3502 f, the timer is reset in step 3502 f and a list of current function identifiers ƒ is obtained from the provisioning-engine database, in step 3503 f. In the for-loop of steps 3504 f-3507 f, the infrastructure prediction engine reevaluates each current function via a call to the routine “re-evaluate.” When a prediction event occurs, as determined in step 3508 f, the particular function for which the prediction event was generated is reevaluated, in step 3509 f, by a call to the routine “re-evaluate.” When an execution event occurs, as determined in step 3510 f, the count of executions of, or calls to, the function for which the execution event was generated is updated, as are the time-series statistics maintained for the function, in step 3511 f. FIG. 35G shows an implementation of the routine “re-evaluate,” called in steps 3505 f and 3509 f of FIG. 35F. In step 3501 g, the routine “re-evaluate” receives a function identifier. In step 3502 g, the provisioning-engine database is accessed to obtain time-series statistics collected for the function and the time-series statistics are used to estimate a rate r of calls to the function, an average resource usage per call to the function, and an expected resource usage per unit of time for the function, R. In step 3503 g, a current capacity C is computed in terms of resources per unit time, represented by the VM shares currently allocated to the function. When R is greater than C, as determined in step 3504 g, more computational resources, as represented by additional VM shares, need to be allocated for use by the function. The additional resources are obtained by calling the function-affinity filter, in step 3505 g, to obtain a list of candidate cloud-computing facilities and then, in step 3506 g, generating a list l of VMs in the candidate cloud-computing facilities with spare VM shares. In the for-loop of steps 3507 g-3512 g, shares are allocated from the VMs in the list of VMs 1 for the function until either the required resources R is equal to the current capacity C, as determined in step 3510 g, or until there are no more VMs in the list l, as determined in step 3511 g. In the former case, the routine “re-evaluate” returns. In the latter case, to number of additional VMs need for execution of the function is determined, in step 3513 g, and the spot-bid service is called, in step 3514 g, to acquire needed VMs.

FIG. 35H illustrates an implementation of the spot-bid service (3436 in FIG. 34). The spot-bid service receives a list of candidate cloud-computing vendors v, a function identifier, characteristics C for the function, and an indication known of the number of VMs to acquire, in step 3501 h. In step 3502 h, a local variable obtained is set to 0. In the while-loop of steps 3503 h-3510 h, VMs are attempted to be acquired from each cloud-computing vendor in the list v in step 3504 h. When at least one VM has been acquired from the currently considered cloud-computing vendor, as determined in step 3505 h, the value in the local variable obtained is incremented accordingly, in step 3506 h, and information about the acquired VMs is stored in the infrastructure registry in association with the function identifier, in step 3507 h. The while-loop continues to iterate until the desired number of VMs is obtained, as determined in step 3508 h, or until the candidate cloud-computing vendors have been exhausted, as determined in step 3509 h. When at least one VM has been acquired the while-loop of steps 3503 h-3510 h, as determined in step 3511 h, a TRUE value is returned. Otherwise, a FALSE value is returned.

FIG. 35I illustrates an implementation of the VM-bootstrap service (3436 in FIG. 34). The VM-bootstrap service as illustrated as an event loop. When a ready-to-boot event occurs, as detected in step 3501 i, the VM-bootstrap service accesses the infrastructure registry to generate a list of VMs ready for booting, in step 3502 i, and then, in the for-loop of steps 3503 i-3506 i, initializes each of the VMs so that the VM is ready to host containers to run functions and also provides network connections to the VMs. Information about the bootstrapped VMs is entered into the provisioning-engine database. Ellipses 3507 i indicate that additional events may be handled by the VM-bootstrap service.

FIG. 35J illustrates an implementation of the infrastructure configuration engine (3442 in FIG. 34). The infrastructure configuration engine continuously waits for a timer expiration to occur, in step 3501 j. When the next timer expiration occurs, the timer is reset, in step 3502 j and then, in steps 3503 j-3506 j, the infrastructure configuration engine accesses the provisioning-engine database to prepare a list l of bootstrapped VMs that have not yet been configured. Then, in the for-loop of steps 3504 j-3506 j, configures the VMs in the list l.

FIG. 35K illustrates an implementation of the infrastructure health monitor (3440 in FIG. 34). The infrastructure health monitor is implemented as an event loop. When a VM-termination event occurs, as determined in step 3501 k, any local resources for the terminated VM are deallocated, in step 3502 k, and the provisioning-engine database is updated to reflect termination of the VM. In step 3503 k, the infrastructure health monitor generates a prediction event. When a timer expiration has occurred, as determined in step 3504 k, the provisioning-engine database is accessed, in step 3505 k, to generate a list of active VMs, and then, in the for-loop of steps 3506 k-3513 k, the infrastructure health monitor carries out a heartbeat exchange with each VM in the list, in step 3507 k, and, when the VM it is not responsive, carries out a health check in step 3509 k. When it turns out that the VM is no longer correctly operating, as determined in step 3510 k, the VM is terminated, local resources for the are deallocated, the infrastructure registry is updated, and a prediction event is generated in step 3511 k. The timer is reset in step 3514 k.

Although the present invention has been described in terms of particular embodiments, it is not intended that the invention be limited to these embodiments. Modifications within the spirit of the invention will be apparent to those skilled in the art. For example, any of many different implementations can be obtained by varying any of many well-known design and implementation parameters, including choice of virtualization layer, operating system, programming language, modular organization, data structures, control structures, and other such parameters. In the above-described implementation, shares of VMs are allocated to instantiated function, but, in alternative implementation, the unit of allocation may be containers or entire VMs. In the above-described implementation, a single VM is initially allocated for newly instantiated functions, but, in alternative implementation, various data may be used to predict a number of VMs or containers to allocate for newly instantiated functions. In various implementations, the set of different characteristics used to characterize a function may vary, as may the methods used to assign values for the different characteristics. 

1. An automated-application subsystem of an automated-application-release-management system within a cloud-computing facility having multiple servers, data-storage devices, and one or more internal networks, the automated-application subsystem comprising: an application-blueprint-generation subsystem that generates an application blueprint for a distributed application; an application-provisioning engine, to which the application blueprint is input, that allocates computational resources from one or more computing facilities for execution of the application described by the application blueprint, and interfaces to a distributed-function-service provisioning interface provided by a distributed-function-service to instantiate user-defined functions specified in the application blueprint; and a distributed-function-service execution interface provided by the distributed-function-service through which the distributed application calls the user-defined functions.
 2. The automated-application subsystem of claim 1 that is further incorporated in a workflow-based cloud-management system that additionally includes an infrastructure-management-and-administration subsystem and the workflow-execution engine.
 3. The automated-application subsystem of claim 1 wherein the application blueprint generated by the application-blueprint-generation subsystem describes the computational resources and application components that together compose an executing distributed application, including specifications of the computational resources and application components, constraints, characteristics, and dependencies of the computational resources and application components, and interdependencies among computational resources and application components.
 4. The automated-application subsystem of claim 1 wherein the distributed-function-service instantiates user-defined functions within execution environments acquired by the distributed-function-service from multiple cloud-computing facilities, including virtual machines and containers within virtual machines.
 5. The automated-application subsystem of claim 4 wherein the distributed-function-service, in addition to the distributed-function-service execution interface and the distributed-function-service provisioning interface, further comprises a provisioning-engine database that stores information about user-defined functions, execution environments acquired by the distributed-function-service, and other information used by the distributed-function-service to instantiate and re-instantiate user-defined functions within execution acquired by the distributed-function-service.
 6. The automated-application subsystem of claim 5 wherein the distributed-function-service further comprises: a function-as-a-service execution engine that instantiates and executes user-defined functions on the multiple cloud-computing facilities; and a distributed-function-service execution engine that receives, through the distributed-function-service execution interface, an indication of a user-defined-function and arguments supplied to the user-defined-function, transforms and packages the received indication of the user-defined-function and arguments into calling information, and passes the calling information to the function-as-a-service execution engine.
 7. The automated-application subsystem of claim 6 wherein the distributed-function-service execution engine accesses stored information that specifies a format and a content for the calling information for the indicated user-defined function, the stored information maintained in the provisioning-engine database and recently accessed stored information maintained in a memory cache.
 8. The automated-application subsystem of claim 6 wherein the distributed-function-service further comprises an infrastructure configuration engine that configures the function-as-a-service execution engine to use bootstrapped virtual machines acquired by the distributed-function-service execution for instantiating containers for execution of user-defined functions.
 9. The automated-application subsystem of claim 5 wherein the distributed-function-service further comprises: a latency filter that evaluates candidate cloud-computing facilities with respect to latency requirements associated with a user-defined function; a geo-location-constraints analyzer that evaluates candidate cloud-computing facilities with respect to location constraints and requirements associated with a user-defined function; and a function-affinity filter that determines a list of candidate cloud-computing facilities within which to instantiate a user-defined function by; characterizing the user-defined function, accessing the infrastructure registry to generate a list of candidate cloud-computing facilities on which the user-defined function can be instantiated, filtering the list of candidate cloud-computing facilities, via a call to the latency filter, to select candidate cloud-computing facilities compatible with latency requirements associated with the user-defined function, filtering the list of candidate cloud-computing facilities, via a call to the geo-location-constraints analyzer, to select candidate cloud-computing facilities compatible with location requirements associated with the user-defined function, and filtering the list of candidate cloud-computing facilities for compliance with one or more cloud-computing-facility-selection policies.
 10. The automated-application subsystem of claim 9 wherein the distributed-function-service further comprises a spot-bid service that accesses cloud-computing vendors to acquire virtual machines for instantiation of user-defined functions,
 11. The automated-application subsystem of claim 10 wherein the distributed-function-service further comprises a distributed-function-service provisioning engine that receives an indication of a user-defined function in a request from the distributed-function-service provisioning interface, searches the infrastructure registry for an already-instantiated user-defined function that matches the indicated user-defined function, and when no already-instantiated user-function is found in the provisioning-engine database, calls the function affinity filter to obtain a list of candidate cloud-computing facilities on which to instantiate the user-defined function, and and calls the spot-bid service to acquire an initial execution environment from a cloud-computing facility for execution of the user-defined function.
 12. The automated-application subsystem of claim 10 wherein the distributed-function-service further comprises an infrastructure prediction engine that periodically reevaluates the computational resources acquired for user-defined functions in order to ensure that the expected demand for execution of the user-defined functions can be satisfied by the computational resources acquired for execution of the user-defined function from the multiple cloud-computing facilities; maintains time-series invocation and resource-consumption statistics for each user-defined function; and reevaluates the computational resources acquired for a user-defined function, an execution environment allocated for which has been terminated, in order to ensure that the expected demand for execution of the user-defined function can be satisfied by the computational resources acquired for execution of the user-defined function from the multiple cloud-computing facilities.
 13. The automated-application subsystem of claim 12 wherein the computational resources acquired for a user-defined function are reevaluated by: accessing time-series invocation and resource-consumption statistics for the user-defined function to estimate an expected resource-usage-per-unit-time R; determining the current capacity C of the computational resources allocated for the user-defined function; when the current capacity C is greater than the expected resource-usage-per-unit-time R, deallocating computational resources allocated for the user-defined function so that C is equal to R; and when the current capacity C is less than the expected resource-usage-per-unit-time R, allocating computational resources allocated for the user-defined function so that C is equal to R by using additional capacity for already acquired, compatible execution environments, when available, and when current capacity C is still less than the expected resource-usage-per-unit-time R, acquiring additional execution environments for execution of the user-defined function.
 14. The automated-application subsystem of claim 6 wherein the distributed-function-service further comprises a bootstrap service that boots up virtual machines to prepare them for hosting user-defined functions.
 15. The automated-application subsystem of claim 6 wherein the distributed-function-service further comprises an infrastructure health monitor that continuously monitors acquired virtual machines so that, when one or more of the virtual machines have been terminated by the cloud-computing facilities, replacement virtual machines are acquired, as needed, by the distributed-function-service.
 16. A method, carried out by an automated-application subsystem of an automated-application-release-management system within a cloud-computing facility having multiple servers, data-storage devices, and one or more internal networks, that provides a distributed-function service, the method comprising: providing a distributed-function-service provisioning interface through which an application-provisioning engine instantiates user-defined functions specified in a distributed-application blueprint on one or more cloud-computing facilities; and providing a distributed-function-service execution interface through which a distributed application calls user-defined functions instantiated on the one or more cloud-computing facilities.
 17. The method of claim 16 wherein the distributed-function-service provisioning interface invokes a distributed-function-service provisioning engine that receives an indication of a user-defined function in a request from the distributed-function-service provisioning interface, searches a provisioning-engine database for an already-instantiated user-defined function that matches the indicated user-defined function, and when no already-instantiated user-function is found in the provisioning-engine database, calls a function affinity filter to obtain a list of candidate cloud-computing facilities on which to instantiate the user-defined function, and and calls to spot-bid service to acquire an initial execution environment from a cloud-computing facility for execution of the user-defined function.
 18. The method of claim 17 wherein the distributed-function service periodically reevaluates the computational resources acquired for user-defined functions in order to ensure that the expected demand for execution of the user-defined functions can be satisfied by the computational resources acquired for execution of the user-defined function from the multiple cloud-computing facilities; maintains time-series invocation and resource-consumption statistics for each user-defined function; and reevaluates the computational resources acquired for a user-defined function, an execution environment allocated for which has been terminated, in order to ensure that the expected demand for execution of the user-defined function can be satisfied by the computational resources acquired for execution of the user-defined function from the multiple cloud-computing facilities.
 19. The method of claim 16 wherein the distributed-function-service execution interface invokes a distributed-function-service execution engine that receives, through the distributed-function-service execution interface, an indication of a user-defined-function and arguments supplied to the user-defined-function, transforms and packages the received indication of the user-defined-function and arguments into calling information, and passes the calling information to a function-as-a-service execution engine.
 20. A physical data-storage device that stores a sequence of computer instructions that, when executed by one or more processors within an automated-application subsystem within a cloud-computing facility having multiple servers, data-storage devices, and one or more internal networks, control the automated-application subsystem to: provide a distributed-function-service provisioning interface through which an application-provisioning engine instantiates user-defined functions specified in a distributed-application blueprint on one or more cloud-computing facilities; and provide a distributed-function-service execution interface through which a distributed application calls user-defined functions instantiated on the one or more cloud-computing facilities. 